If SSH warns you that the host key has changed

On this page:

Overview

When you connect to a host for the first time, SSH asks if you want to accept the server's encryption key. If you choose to accept and save it, SSH stores the key in its list of host keys. If SSH ever receives a key from this host that doesn't match the saved key, it will alert you that the host's key has changed.

Possible causes

Caution:
One of the possible reasons for this change is a man-in-the-middle attack, which means that a malicious computer is posing as the host you are trying to reach in order to capture data passing between your computer and the host computer.

Another more benign reason may be that the host has updated its SSH software, in which case you will have to receive a new host key.

Verify that the change is legitimate

Before downloading and accepting a new key, you should first verify with a trusted source (such as the host's system administrator) that the legitimate host has had its SSH software upgraded or changed. If the legitimate host confirms the change, delete the old host key and accept the new host key.

Related documents

Set up SSH public key authentication to connect to a remote system

This is document ajif in the Knowledge Base.
Last modified on 2021-08-06 14:50:47.