Addressing the Issue “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!” when SSH to Raspberry Pi

Addressing the host key inconsistency issue when using the same IP address in multiple OSes instances.

When using a Raspberry Pi board with switching between multiple SD cards (i.e. multiple OSes instances), you are likely to see a warning message that stops you from connecting to the Raspberry Pi system with the same IP address via SSH as shown follows:

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /Users/host/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/host/.ssh/known_hosts:12
ECDSA host key for has changed and you have requested strict checking.
Host key verification failed.

As it indicates, the host keys are different in the OSes installed in different SD cards, which is normal.
There are two ways to solve this issue described below.

[Workaround] Deleting the existing host key

A quick workaround is to delete the existing key associated to the IP address that the Raspberry Pi board is given/configured.
To do so, run the following command in your terminal:

ssh-keygen -R

where the IP address should be replaced with your Raspberry Pi board’s IP address.
Then the following message should pop up indicating the success of removing the existing key.

# Host found: line 12
/Users/host/.ssh/known_hosts updated.
Original contents retained as /Users/host/.ssh/known_hosts.old

Now you can connect to your Raspberry Pi via SSH again and it should store the new key.

[Solution] Add host keys to the known host list

Alternatively (or say a better solution) is to add all the keys from different OSes to the known host list, as suggested in this page.

Was this post helpful?

Leave a Reply

Your email address will not be published.