How To Fix “ECDSA host key” Warning Error In Arch Linux

Fix "ECDSA host key" Warning Error In Arch Linux

I have deployed many virtual machines using Oracle VirtualBox for testing and learning purposes. The other day, I tried to connect to one of my remote server that runs with Arch Linux via SSH.

Here is how I SSH to my remote Arch server from my local system.

ssh [email protected]

Here, sk is my remote Arch Linux server’s username, and is the Arch Linux IP address.

After running the above command, I got the following warning message.

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/sk/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/sk/.ssh/known_hosts:4
ECDSA host key for has changed and you have requested strict checking.
Host key verification failed.

I can’t SSH to the remote VM server. I tried to login with alternative username, but I got the same result as shown above. After a bit of googling, I understood that this error will occur if your system uses dynamic IP addressing. So, the above warning message will appear each time, whenever the remote server’s IP address changes. To permanently fix this error, you should use static IP address and add the host key only once.

The thing is we all don’t have static IP addresses, right? Buying a static IP address is not necessary for all of us, and it is expensive too. So, you can solve this error as described below. To work around this issue, first we need to update the cached ECDSA host key of your remote system in your local system’s known_hosts file. As you might know, usually, the host keys will be stored in the /home/yourusername/.ssh/known_hosts file.

To remove the cached key, use the following command:

$ ssh-keygen -R <remote-system-ip-address>

In our case, the remote system’s IP is, so let us use the following command to remove the host key from the “known_hosts” file.

$ ssh-keygen -R

Sample output:

# Host found: line 4
/home/sk/.ssh/known_hosts updated.
Original contents retained as /home/sk/.ssh/known_hosts.old


Now, try again to ssh to the remote system with command:

$ ssh [email protected]

Type ‘Yes’ and hit ENTER to update the host key of your remote system in your local system’s known_hosts file.

The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:UX/eJ3HZT9q6lzAN8mxf+KKAo2wmCVWblzXwY8qxqZY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
[email protected]'s password: 
Last login: Thu May 19 18:01:24 2016
[[email protected] ~]$

That’s it. Now, you will be able to ssh to your remote Arch Linux system without any problem. This method will work not only on Arch Linux, but also on other Linux distributions as well.

Hope this helps. If you find this guide useful, please share it on your social, professional networks and support OSTechNix. More good stuffs to come. Stay tuned!


Thanks for stopping by!

Help us to help you:

Have a Good day!!

You may also like...

3 Responses

  1. Jenn Stevens says:

    Thank You!

  2. Mike says:

    after typing yes, I recieved this:
    Warning: Permanently added ‘’ (ECDSA) to the list of known hosts.
    Permission denied (publickey,keyboard-interactive).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.