SSH: Host key verification failed
Diagnose and resolve 'Host key verification failed' when the server's SSH fingerprint does not match the known_hosts entry.
SSH produces "Host key verification failed" when the server's host key fingerprint does not match the fingerprint stored in the client's
~/.ssh/known_hostsfile.
When SSH Produces This Error
SSH displays a warning starting with "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" followed by "Host key verification failed" when connecting to a server whose host key differs from the previously recorded value.
What Causes "Host key verification failed" in SSH
The server was reinstalled, reimaged, or replaced with a new machine at the same IP address. The new server generates a new host key pair that does not match the old fingerprint stored in
~/.ssh/known_hosts.
A man-in-the-middle (MITM) attack is intercepting the connection. An attacker between the client and server presents a different host key. This is the reason SSH displays this warning prominently — the changed key may indicate a security threat.
How to Fix "Host key verification failed" in SSH
Verify the key change is legitimate— confirm with the server administrator that the server was reinstalled or the key was rotated.
Remove the old host key entry from
known_hosts:
ssh-keygen -R 203.0.113.50- Connect again — SSH prompts to accept the new host key:
ssh user@203.0.113.50Type
yes to accept and store the new fingerprint.
How to Verify the Fix
SSH connects without the verification warning and the new key is stored in
~/.ssh/known_hosts.
Related SSH Errors
SSH: Permission denied (publickey)— authentication fails after the host key is accepted.