Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

On UNIX-like systems like Linux and Mac OS, the known_hosts file is located at ~/.ssh/known_hosts. You can remove entries from this file manually (with a text editor), but If you're using a system that bundles a command-line SSH client, it probably includes the ssh-keygen utility. You can examine the host key you have stored for a server with the command "ssh-keygen -F <hostname> -l": 

Code Block
languagetext
titleList stored server host key fingerprint
$ ssh-keygen -F gl.umbc.edu -l
# Host gl.umbc.edu found: line 187
gl.umbc.edu ECDSA SHA256:wSwjkRNKOUxWYi8XaCFSOyQwhnSctdagnVdlD9Y/5Lw

 

If the host key fingerprint for a server has changed, and you've verified that the new fingerprint is authentic, you can remove old entries with the command "ssh-keygen -R <hostname>":

 

Code Block
languagetext
titleWARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
$ ssh gl.umbc.edu
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:wSwjkRNKOUxWYi8XaCFSOyQwhnSctdagnVdlD9Y/5Lw.
Please contact your system administrator.
Add correct host key in /Users/kherna1/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/kherna1/.ssh/known_hosts:186
ECDSA host key for gl.umbc.edu has changed and you have requested strict checking.
Host key verification failed.

$ ssh-keygen -R gl.umbc.edu
# Host gl.umbc.edu found: line 186
/Users/kherna1/.ssh/known_hosts updated.
Original contents retained as /Users/kherna1/.ssh/known_hosts.old