Linux Commands

What Does “Host Key Verification Failed” Mean?

While using ssh server, one of the common errors you’ll encounter is “Host key verification failed”. To understand why this error occurs, let’s first understand how ssh establishes a connection.

When you attempt to connect to a remote server, the server asks you to confirm if you are trying to establish connection to the right server.

If you type “yes”, the client will add the public host key to the “.ssh/known_hosts” file. Once the remote server’s key is added, the next time you try to connect to the same server, the client will compare the keys with the keys stored in the “known_hosts” file.

You will not be prompt with any warning if the key is present in the “known_hosts” file. The server will be connected right away.

Why the “Host key verification failed” Error Occurs

The primary reason that causes the “Host key verification failed” error is that the remote host key has been changed and no longer the same as stored in the “known_hosts” file. The key usually changes when servers are rebuilt, and you get an error as shown below:

How to Fix the “Host key verification failed” Error

To fix this error, we need to delete the offending key from the “known_hosts” file present in our system in “.ssh” directory. The error gives you the remote server’s IP address and the line number on which the key is stored in the “known_hosts” file.

In the above error, “/home/user/.ssh/known_hosts:7”, the “:7” is the offending line number. Multiple approaches to fix this error are listed below:

Method 1:

The first method to fix this error is using the “sed” command. The “sed” command is used to modify the text files to search, add or delete something from the files. We are using it to delete the offending host:

$ sed -i '7d' ~.ssh/known_hosts

Where “7” is the line number shown in the above error, your line number might be different; ensure that you use the correct line number. The command will delete the offending line from the “known_hosts” file and resolve the issue.

Method 2:

The second approach is opening the “known_hosts” file in any editor:

$ nano .ssh/known_hosts

And manually delete the offending line and save the file.

Method 3:

The third method is removing the server using the “ssh-keygen” command. Follow the syntax mentioned below:

$ ssh-keygen -R [IP_ADDRESS]

For instance, to remove the host key of “192.168.10.116”, use:

$ ssh-keygen -R 192.168.10.116

Conclusion

The host key verification error occurs when the key of the remote server changes and client does not verify it from the stored keys. Server keys are stored in the “known_hosts” file on the client-side, and upon establishing the connection, the client verifies the key by comparing it with the keys stored in the “known_host” file and upon failing, you get a “Host key verification failed” error.

To rectify this, remove the offending host from the “known_hosts” file. This guide mentioned three different methods to remove the offending host and any method can be used to resolve this error.

About the author

Sam U

I am a professional graphics designer with over 6 years of experience. Currently doing research in virtual reality, augmented reality and mixed reality.
I hardly watch movies but love to read tech related books and articles.