Clearing the known_hosts SSH File

Sometimes when connecting to a computer with SSH, things can get jumbled up and an error can occur that looks like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for ras.mydomain.com has changed and you have requested strict checking.
Host key verification failed.

The purpose of the known_hosts file is for the client to authenticate the server they are connecting to. This error will occur when the public key the host has changes. To fix this we must remove the key causing the error.

Linux / Mac / Windows with MobaXterm

Finding the known_hosts File:

After you have connected to a computer using ssh, the key you used to connected is stored in a file called known_hosts which is located in a hidden file (.ssh) in your home directory. It can be opened in a text editor of your choice with:

[abc123@computer ~]vim ~/.ssh/known_hosts

You will notice the file is arranged: computername, ip-address veryLongKey, where each line is its own computer and key. If you have a smaller screen the key will continue on to the next line, but is still counted as one line.

Method 1 - Getting Rid of It All

If you only have one host in your know_host file then removing the entire file is a solution. The file will be recreated the next time you ssh into that computer. Before you remove the file you should back up the contents:

cp ~/.ssh/known_hosts ~/.ssh/known_hosts.old
[abc123@computer ~]rm ~/.ssh/known_hosts

Method 2 - Targeting the Key Individually

If you look at the error message you will notice this line:

RSA host key for ras.mydomain.com has changed...

This tells which is the offending host, so now you can remove that key by running:

[abc123@computer ~]ssh-keygen -R HOSTNAME

This will give you the following output when it is successful:

# Host HOSTNAME found: line #
/home/user/.ssh/known_hosts updated.
Original contents retained as /home/user/.ssh/known_hosts.old

You can also edit the known_hosts file directly and remove the entire offending line which is indicated by: Offending key in /home/user/.ssh/known_hosts:1. In this case the line is 1. You may end up deleting something you did not intend to so back the file up first:

cp ~/.ssh/known_hosts ~/.ssh/known_hosts.old

Windows with PuTTY

Unlike the other options above, PuTTy does not create a convenient known_hosts folder in your home directory. Instead we need to edit the registry it creates:

  1. Search for regedit.exe and open it
    regedit.exe
  2. Navigate to HKEY_CURRENT_USER/SOFTWARE/SimonTatham/PuTTy/SshHostKeys
    Key Current User
  3. Right click the offending key and click delete
    Offending Key

If there are any further questions, or there is an issue with the documentation, please contact rc-help@rit.edu for additional assistance.