🟡 Medium   ⏱ 5–30 min  Last verified: 20 May 2026

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

SSH connection is blocked with host key mismatch warnings. Automation and administrative access fail until trust is restored.

Environment & Reproduction

Ubuntu 22.04 clients connecting to rebuilt servers or changed load-balanced backends. Reproduce after server host key rotation.

Root Cause Analysis

Known_hosts contains previous server key fingerprint; new key appears as potential MITM unless validated out-of-band.

Quick Triage

Verify target host identity through trusted channel, then compare presented fingerprint using ssh-keyscan and ssh-keygen -lf.

Step-by-Step Diagnosis

Locate conflicting entry line in ~/.ssh/known_hosts, confirm DNS/IP ownership, and validate server-side /etc/ssh host key set.

Illustrative mockup for ubuntu-22-04-lts — ubuntu2204-common-problem-24-ssh-hostkey-01.webp
SSH warns that remote host identification has changed. — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Remove stale key with ssh-keygen -R , fetch verified new key, and reconnect with strict host key checking enabled.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Illustrative mockup for ubuntu-22-04-lts — ubuntu2204-common-problem-24-ssh-hostkey-02.webp
Rotate known_hosts entries safely after host verification. — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Use SSH host certificates and internal CA trust to reduce manual host key churn in dynamic fleets.

Verification & Acceptance Criteria

SSH connects successfully without warnings and known_hosts stores the verified replacement fingerprint.

Rollback Plan

Re-add prior known_hosts entries only if rollback to original host is confirmed and secure.

Prevention & Hardening

Maintain documented host key rotation process and distribute trusted fingerprints through configuration management.

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!, Offending key in known_hosts.

Related tutorial: View the step-by-step tutorial for Ubuntu 22.04 LTS.

View all Ubuntu 22.04 LTS tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

OpenSSH manual pages, SSH host key management best practices, Ubuntu SSH security guides.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.