Why is SSH Secure Shell for Windows warning me that the host key has changed?

When you connect to a host for the first time, SSH Secure Shell for Windows asks if you want to accept the server's encryption key. If you choose to accept and save it, SSH Secure Shell stores the key in its list of host keys. If SSH Secure Shell ever receives a key from this host that doesn't match the saved key, it will alert you that the host's key has changed.

One of the possible reasons for this change is a man-in-the-middle attack, which means that a malicious computer is posing as the host you are trying to reach in order to capture data passing between your computer and the host computer. Another more benign reason may be that the host has updated its SSH software, in which case you will have to receive a new host key.

Before downloading a new key, you should first verify with a trusted source (e.g., the host's system administrator) that the legitimate host has had its SSH software upgraded or changed. Then, to delete the old host key and accept the new key:

  1. From the Edit menu, select Settings....
  2. If it is not already expanded, double-click Global Settings to expand it.
  3. If it is not already expanded, double-click Server Authentication, and under it, click Host Keys.
  4. Select the name of the host for which the key has changed, and then click Delete.
  5. The next time you connect to the host, a dialog box titled Host Identification will appear, asking if you want to accept the new host key. Click Yes to accept and save the new key.

This is document ajif in the Knowledge Base.
Last modified on 2015-06-23 00:00:00.

Contact us

For help or to comment, email the UITS Support Center.