Fixing “REMOTE HOST IDENTIFICATION HAS CHANGED!” when establishing an SSH connection

·

·

The issue

I have re-flashed my Raspberry Pi today, and when I try to connect to it again with SSH with a fresh SD card I get this message:

C:\Users\Flemming>ssh 10.0.1.2 -l pi
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:UtX3HGxfB4IU3rps9sXP5j7aShSJ3vcqojlwN/EY4Po.
Please contact your system administrator.
Add correct host key in C:\\Users\\Flemming/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\Flemming/.ssh/known_hosts:4
ECDSA host key for 10.0.1.2 has changed and you have requested strict checking.
Host key verification failed.

The thing is, it is using the same IP as before, so it is getting a new identification with the same IP (or hostname), even if it is the same hardware, just with a new OS-installation.
If you have not done any changes like this you may be skeptical, but in cases like this where it is a logical reason Isn’t this particularly risky to “bypass” it.

The solution

Just write ssh-keygen -R <IP or hostname>. This code will remove the saved identification for that host.

C:\Users\Flemming>ssh-keygen -R 10.0.1.2
# Host 10.0.1.2 found: line 4
C:\Users\Flemming/.ssh/known_hosts updated.
Original contents retained as C:\Users\Flemming/.ssh/known_hosts.old

you then have to try reconnect, and type yes to continue.

C:\Users\Flemming>ssh 10.0.1.2 -l pi
The authenticity of host '10.0.1.2 (10.0.1.2)' can't be established.
ECDSA key fingerprint is SHA256:UtX3HGxfB4IU3rps9sXP5j7aShSJ3vcqojlwN/EY4Po.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

That’s it.

Warning: Permanently added '10.0.1.2' (ECDSA) to the list of known hosts.
pi@10.0.1.2's password:
Linux unifi-controller 6.1.0-rpi4-rpi-v8 #1 SMP PREEMPT Debian 1:6.1.54-1+rpt2 (2023-10-05) aarch64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
pi@unifi-controller:~ $
Share