📖 ~1 min read
Table of contents
Symptom & Impact
SSH clients show WARNING REMOTE HOST IDENTIFICATION HAS CHANGED and block connections.
Environment & Reproduction
Ubuntu 18.04 servers rebuilt, reimaged, or rotated host keys while clients retain old known_hosts records.
Root Cause Analysis
Server host key fingerprint changed legitimately or due to potential man-in-the-middle risk.
Quick Triage
Validate new fingerprint out-of-band from console access before modifying client trust records.
Step-by-Step Diagnosis
Compare ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub output with client warning details.
Solution – Primary Fix
After verification, remove stale key with ssh-keygen -R and reconnect to store the new fingerprint.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Publish SSH host certificates or centralized known_hosts management to reduce manual trust drift.
Verification & Acceptance Criteria
SSH connection succeeds without mismatch warning and fingerprint matches approved inventory.
Rollback Plan
If fingerprint cannot be validated, block access and revert to previous host snapshot for investigation.
Prevention & Hardening
Document host key rotations and automate distribution of trusted fingerprints.
Related Errors & Cross-Refs
Offending key in known_hosts, possible DNS spoofing detected, and host key verification failed.
Related tutorial: View the step-by-step tutorial for Ubuntu 18.04 LTS.
View all Ubuntu 18.04 LTS tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
OpenSSH manuals, ssh-keygen usage, and operational key management practices.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
