AWS EC2: Resolving SSH "REMOTE HOST IDENTIFICATION HAS CHANGED" Error: What You Need to Know

Topic: Getting the error below while trying to SSH into an AWS EC2 instance.

Error:

```
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:****************************************
Please contact your system administrator.
Add correct host key in C:\\Users\\USERID/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\USERID/.ssh/known_hosts:5
ECDSA host key for ec2-XX-XX-XXX-XX.compute-1.amazonaws.com has changed and you have requested strict checking.
Host key verification failed.
```


Quick Check: Check whether you are connecting as ec2-user or as the root user. If you are using the root user, you will most likely get this issue, so replace it with ec2-user in the SSH command. That should most likely fix the issue.

Introduction:

Secure Shell (SSH) is a widely used protocol for secure remote access to servers. It utilizes cryptographic techniques to establish secure communication channels. However, when attempting an SSH connection, you might encounter an error message that says, "REMOTE HOST IDENTIFICATION HAS CHANGED." This error is an important security measure designed to protect against potential man-in-the-middle attacks or unauthorized changes to the remote server. In this blog post, we will explore the causes behind this error and provide step-by-step instructions to resolve it.


Understanding the Error:

The "REMOTE HOST IDENTIFICATION HAS CHANGED" error occurs when the SSH client detects a change in the host key fingerprint of the remote server. The host key is used to verify the server's identity during the SSH handshake process. If the client detects a different host key from the one previously recorded in the known_hosts file, it raises a warning to prevent potential security breaches.


Resolving the Error:

To resolve the "REMOTE HOST IDENTIFICATION HAS CHANGED" error and establish a secure SSH connection, follow these steps:

1. Locate the known_hosts file: The known_hosts file stores the host keys of previously connected servers. The file's location depends on your operating system and SSH client. In this example, we'll assume the known_hosts file is located at `C:\\Users\\user/.ssh/known_hosts`.

2. Open the known_hosts file: Use a text editor to open the known_hosts file. You may need administrative privileges to modify the file.

3. Identify the affected host: In the error message, note the hostname or IP address of the remote server for which the host key has changed. Look for this entry in the known_hosts file.

4. Remove or comment out the entry: Delete or comment out the line containing the entry for the affected host. This ensures that the SSH client will not consider the old host key for that server.

5. Save the changes: Save the modified known_hosts file.

6. Retry the SSH connection: Attempt the SSH connection to the remote server again. The client will now accept the new host key and establish the connection.


Note of Caution:

While resolving the "REMOTE HOST IDENTIFICATION HAS CHANGED" error allows you to connect to the remote server, it's crucial to exercise caution. Ensure that the host key change is legitimate and not the result of a security breach. If you suspect any unauthorized activity or tampering, investigate the situation thoroughly and take appropriate actions to address potential security risks.
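The cleanup in steps 3 to 5, combined with the caution above, as an added example (not code from the original post): it drops the known_hosts entries for a host only when their fingerprint differs from one you have verified out of band, and it also recognises hashed host entries. The host names, key blobs and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh prints: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: hashed (|1|salt|mac) or a plain comma list.
    Wildcard and [host]:port patterns are not handled here."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def prune(known_hosts_text, host, trusted_fp):
    """Drop entries for `host` whose key does not match `trusted_fp`.
    Returns (new_text, removed) with removed = [(line_no, key_type, fingerprint)]."""
    kept, removed = [], []
    for no, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        # Comments and @cert-authority / @revoked marker lines are kept untouched.
        is_entry = len(parts) >= 3 and not parts[0].startswith(("#", "@"))
        if is_entry and host_matches(parts[0], host):
            fp = fingerprint(parts[2])
            if fp != trusted_fp:
                removed.append((no, parts[1], fp))
                continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed

# Constructed sample data: the blobs are placeholder bytes, not real host keys.
HOST = "ec2-host.example.com"
OLD = base64.b64encode(b"constructed-old-host-key").decode()
NEW = base64.b64encode(b"constructed-new-host-key").decode()
SAMPLE = (
    "github.example.com ssh-ed25519 " + OLD + "\n"
    + HOST + " ecdsa-sha2-nistp256 " + OLD + "\n"
)

if __name__ == "__main__":
    trusted = fingerprint(NEW)  # in practice: obtained out of band, not from the connection
    text, removed = prune(SAMPLE, HOST, trusted)
    for no, key_type, fp in removed:
        print(f"removed line {no}: {key_type} {fp}")
    print(text, end="")
```

The fingerprint printed for a removed line is the old key's; the one to compare against your trusted value is the `SHA256:` string shown in the warning itself.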

