Knowledge Base

Warning message when you try to connect to a server using SSH

This article describes a problem that may occur when you try to connect to a server using SSH, and how to resolve it.

Problem

When you try to connect to a server using SSH, you receive a warning message.

  • If your computer is running Mac OS X or Linux, the message is:
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
  • If you are using PuTTY on Microsoft Windows, the message is:

    WARNING - POTENTIAL SECURITY BREACH!
    
    The server's host key does not match the one PuTTY has cached in the registry. 
    This means that either the server administrator has changed the host key, 
    or you have actually connected to another computer pretending to be the server.

Cause

The most likely cause of this problem is that the RSA fingerprint has changed on the remote server, but the client computer still has the previous RSA fingerprint stored. This often occurs after you install a new operating system template on a server.

If you have not made any recent changes to the server, it is possible that a malicious actor is pretending to be the server (this is also known as a “man-in-the-middle” attack). If you suspect this may be the case, you can open a support ticket on the Customer Portal at https://my.a2hosting.com and we will investigate the issue further.

Resolution

To resolve this problem, follow the appropriate procedure for your client computer's operating system.

Mac OS X and Linux

To resolve this problem on client computers running Mac OS X or Linux, follow these steps:

  1. Locate the following line of text in the warning message. Your values of path and x will be different:
    Offending RSA key in /path/.ssh/known_hosts:x
  2. Use your preferred text editor to open the /path/.ssh/known_hosts file.
  3. Delete the entire line of text indicated by number x.
  4. Save your changes to the file and exit the text editor.
  5. You should now be able to connect to the server using SSH.
Microsoft Windows

When PuTTY displays the warning message, you have three options:

  • If you recently changed the server configuration or reinstalled the operating system, click Yes to update PuTTY's cache with the server's new RSA fingerprint. The warning message will not appear the next time you connect to the server.
  • If you are unsure about the server configuration, you can click No to continue connecting without updating PuTTY's cache. The warning message will appear the next time you connect to the server.
  • If you are sure that the server configuration has not changed, and suspect that a malicious actor may be tampering with the connection, click Cancel. Open a support ticket on the Customer Portal at https://my.a2hosting.com and we will investigate the issue further.