Why is SSH Secure Shell for Windows warning me that the host key has changed?

When you connect to a host for the first time, SSH Secure Shell for Windows asks if you want to accept the server's encryption key. If you choose to accept and save it, SSH Secure Shell stores the key in its list of host keys. If SSH Secure Shell ever receives a key from this host that doesn't match the saved key, it will alert you that the host's key has changed.

One of the possible reasons for this change is a man-in-the-middle attack, which means that a malicious computer is posing as the host you are trying to reach in order to capture data passing between your computer and the host computer. Another more benign reason may be that the host has updated its SSH software, in which case you will have to receive a new host key.

Before downloading a new key, you should first verify with a trusted source (e.g., the host's system administrator) that the legitimate host has had its SSH software upgraded or changed. Then, to delete the old host key and accept the new key:

  1. From the Edit menu, select Settings....
  2. If it is not already expanded, double-click Global Settings to expand it.
  3. If it is not already expanded, double-click Server Authentication, and under it, click Host Keys.
  4. Select the name of the host for which the key has changed, and then click Delete.
  5. The next time you connect to the host, a dialog box titled Host Identification will appear, asking if you want to accept the new host key. Click Yes to accept and save the new key.

This is document ajif in the Knowledge Base.
Last modified on 2015-06-23 00:00:00.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.