How To Fix “ECDSA host key” Warning Error In Arch Linux

I have deployed many virtual machines using Oracle VirtualBox for testing and learning purposes. One fine day, I tried to connect to one of my remote server that runs with Arch Linux via SSH.

Here is how I SSH to my remote Arch server from my local system.

ssh sk@192.168.1.102

Here, sk is my remote Arch Linux server’s username, and 192.168.1.102 is the Arch Linux IP address.

After running the above command, I got the following warning message.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:UX/eJ3HZT9q6lzAN8mxf+KKAo2wmCVWblzXwY8qxqZY.
Please contact your system administrator.
Add correct host key in /home/sk/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/sk/.ssh/known_hosts:4
ECDSA host key for 192.168.1.102 has changed and you have requested strict checking.
Host key verification failed.

I can’t SSH to the remote server. I tried using different username, but I got the same result as shown above. This error will occur if your system uses dynamic IP addressing. So, the above warning message will appear each time, whenever the remote server’s IP address changes. To permanently fix this error, you should use static IP address and add the host key only once.

We all don’t have static IP addresses, right? Buying a static IP address is not necessary for all of us, and it is expensive too. So, you can solve this error as described below. To work around this issue, first we need to update the cached ECDSA host key of your remote system in your local system’s known_hosts file. As you might know, usually, the host keys will be stored in the /home/yourusername/.ssh/known_hosts file.

To remove the cached key, use the following command:

ssh-keygen -R <remote-system-ip-address>

In our case, the remote system’s IP is 192.168.1.102, so let us use the following command to remove the host key from the known_hosts file.

ssh-keygen -R 192.168.1.102

Sample output:

# Host 192.168.1.102 found: line 4
/home/sk/.ssh/known_hosts updated.
Original contents retained as /home/sk/.ssh/known_hosts.old

Done!

Now, again try to ssh to the remote system with command:

ssh sk@192.168.1.102

Type ‘Yes’ and hit ENTER to update the host key of your remote system in your local system’s known_hosts file.

The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established.
ECDSA key fingerprint is SHA256:UX/eJ3HZT9q6lzAN8mxf+KKAo2wmCVWblzXwY8qxqZY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.102' (ECDSA) to the list of known hosts.
sk@192.168.1.102's password: 
Last login: Thu May 19 18:01:24 2016
[sk@server ~]$

That’s it. Now, you will be able to ssh to your remote Arch Linux system without any problem. This method will work not only on Arch Linux, but also on other Linux distributions too.

Hope this helps. If you find this guide useful, please share it on your social, professional networks and support OSTechNix.

Cheers!

Thanks for stopping by!

Help us to help you:

Have a Good day!!

You may also like...