WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED

I’ve got this message below when trying to connect via SSH.

When you connect to a server via SSH, it gets a fingerprint for the ECDSA key, which it then saves to your home directory under ~/.ssh/known_hosts. This is done after first connecting to the server, and will prompt you with a message like this:

$ ssh ec2-user@ec2-192-168-1-1.compute-1.amazonaws.com
The authenticity of host 'ec2-192-168-1-1.compute-1.amazonaws.com (192.168.1.1)' can't be established.
ECDSA key fingerprint is SHA256:hotsxb/qVi1/ycUU2wXF6mfGH++Yk7WYZv0r+tIhg4I.
Are you sure you want to continue connecting (yes/no)?

This can happen if you have created a new server with an IP address you had previously used on a different server.

Another solution would be to use the ssh-keygen utility to delete the offending key from your known_hosts file, which can be done with the following command:

$ ssh-keygen -R [hostname-or-IP]

So in my example, I’d use it like this:

$ ssh-keygen -R ec2-10-13-103-135.compute-1.amazonaws.com

This method is good if you don’t want to alter the manually known_hosts file yourself, and the utility is easier to use if you have multiple hostnames and IP addresses to fix. It can also handle hashed hostnames in a known_hosts.old file.

Another way which I have done is set up a cronjob

crontab -e

I have setup a crontab that runs daily and purges the know_hosts file

0 12 * * * >/home/ubuntu/.ssh/known_hosts