WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED
What this is
You try to SSH in and get a wall of @ symbols shouting:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
...
Host key verification failed.
Why it happens
Every SSH server has a host key that identifies it, and your computer saves it (in ~/.ssh/known_hosts) the first time you connect. When you reinstall your VPS, the fresh OS generates a new host key. Your computer sees the same IP presenting a different identity, exactly what a man-in-the-middle attack would look like, and refuses to connect. Scary wording, routine cause.
The fix
Remove the old key for your VPS, using the same address you SSH with (IP or hostname):
ssh-keygen -R YOUR.VPS.IP
Then connect again and accept the new key at the prompt. That's it. (The warning message also names the exact known_hosts line if you'd rather delete it by hand.)
When to take it seriously
If you get this warning and you haven't reinstalled the VPS (and we haven't notified you of maintenance that would explain it), don't just bypass it, verify before typing your password anywhere. Log in through the Console (which doesn't go over SSH), compare the server's actual host key fingerprint (ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub) with what the warning shows, and if they don't match, contact us.
Related questions
- "What does REMOTE HOST IDENTIFICATION HAS CHANGED mean?"
- "I reinstalled my VPS and now SSH refuses to connect."
- "How do I fix host key verification failed?"
- "Is the host key warning an actual attack?"