Sometimes you'll encounter an error message when trying to tunnel to a certain hutch machine using SSH. The following error message is displayed after your tunneled connection is refused:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.

This is one simple way to get rid of the problem if the host key has changed (the case mentioned in the bottom line of the error message, and a very common one).

Step-by-step guide

Before you start, note which machine and username you were using when you encountered the issue, and also note the machine to which you were trying to tunnel. (Note that if you see this problem when trying to use VNC to view a remote Windows laptop or oscilloscope (etc.), the VNC runs on mec-daq, so the error comes from trying to tunnel to mec-daq.)

  1. Open a new terminal and log in using the particular username and machine from which you encountered the issue described above. For example, if you saw this error when you were trying to tunnel as efcunn from mec-laser to mec-hutch02, then you would log in as efcunn on mec-laser.
  2. Type cd ~/.ssh

    1. In this directory (check its contents by typing ls) is a file called known_hosts. Inside this file, there are many lines of authentication gibberish (public host keys) for each machine to which you've tunneled previously. The problem above arises when something about the machine/connection changes so that the stored authentication gibberish doesn't match anymore. The error is thrown because this authentication mismatch could be symptomatic of a "man-in-the-middle" attack where someone pretends to be the machine you're trying to access for the purposes of eavesdropping on your communication... or something like that (full disclaimer: I'm just a laser guy).
  3. Open the file known_hosts using your favorite text editor – vim, emacs, gedit, etc. For example, this can be done by typing gedit known_hosts &



  4. Locate the line of the file that contains the name of the machine to which you are unable to tunnel. For example, if you had seen the error when trying to tunnel to mec-hutch02, then you would look for mec-hutch02. (Note again: if you had seen this error while trying to use VNC, then you would look for mec-daq, as of January 2022.)
  5. Delete the entire row so that there is no more entry in the file containing the name of the unreachable computer. (Depending on the size of your window, the row might wrap around onto the next row on your screen; a new line starts where you see the next computer name or IP address.) Be sure to save the file and exit the program after that.
  6. Having exited the text editor, return to the command terminal and try again to tunnel to the machine of interest. If you've had any luck, the terminal should tell you that it's adding the machine as a new "known host" and then it should complete your tunneling connection – problem solved! If this doesn't work, please seek professional assistance :)
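
Steps 4 and 5 as a script, added here as an example (not part of the original guide). It also covers the case where searching for the machine name in known_hosts finds nothing because the names are stored hashed (lines starting with |1|). The function names and the sample file contents are made up for this example, and only exact host names are matched, not wildcard patterns.

```python
import base64, hashlib, hmac

def b64(raw):
    return base64.b64encode(raw).decode()

def host_matches(field, host):
    """True if the first known_hosts field names `host` exactly (plain or hashed)."""
    if field.startswith("|1|"):  # HashKnownHosts form: |1|salt|HMAC-SHA1(salt, name)
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    # Plain form: comma-separated names or addresses, optionally written [name]:port.
    return host in [n.split("]:")[0].lstrip("[") for n in field.split(",")]

def fingerprint(key_b64):
    """SHA256 fingerprint in the style ssh prints (unpadded base64)."""
    return "SHA256:" + b64(hashlib.sha256(base64.b64decode(key_b64)).digest()).rstrip("=")

def remove_host(text, host):
    """Return (new_text, removed); removed lists (key type, fingerprint) per dropped line."""
    kept, removed = [], []
    for line in text.splitlines():
        parts = line.split()
        # Blank lines, comments and @cert-authority/@revoked lines are kept untouched.
        if len(parts) < 3 or parts[0][0] in "#@" or not host_matches(parts[0], host):
            kept.append(line)
        else:
            removed.append((parts[1], fingerprint(parts[2])))
    return "\n".join(kept) + "\n", removed

# Constructed sample: the key blobs are placeholder bytes, not real host keys,
# and 192.0.2.10 is a documentation address.
SALT = b"0123456789abcdefghij"
SAMPLE = "\n".join([
    "mec-hutch02,192.0.2.10 ssh-ed25519 " + b64(b"constructed-key-A"),
    "|1|%s|%s ssh-rsa %s" % (b64(SALT), b64(hmac.new(SALT, b"mec-daq", hashlib.sha1).digest()),
                             b64(b"constructed-key-B")),
    "mec-laser ssh-ed25519 " + b64(b"constructed-key-C"),
]) + "\n"

if __name__ == "__main__":
    new_text, removed = remove_host(SAMPLE, "mec-daq")
    for key_type, fp in removed:
        print("removed", key_type, fp)
    print(new_text, end="")
```

On a real machine, ssh-keygen -R mec-hutch02 does the same removal. When ssh then offers the new key in step 6, its fingerprint can be compared with one obtained from whoever administers the machine before answering yes.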