WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

I re-install the server and want to login in the server use ssh key. It shows:

17:03:19 ----------------------------------------
17:03:19 Equivalent Command: ssh -tt -F "/Users/xxxxx/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/config" -i "/Users/xxxxx/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/privatekey/id_rsa_xxx" -o ConnectTimeout=15 -o ExitOnForwardFailure=yes -o ServerAliveInterval=15 -o ServerAliveCountMax=3 -o CheckHostIP=no -p xxxxx xxxxx@xxx.xxx.xxx.xxx
17:03:19 Connecting…
17:03:20 Authenticating…
17:03:20 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
17:03:20 @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
17:03:20 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
17:03:20 IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
17:03:20 Someone could be eavesdropping on you right now (man-in-the-middle attack)!
17:03:20 It is also possible that a host key has just been changed.
17:03:20 The fingerprint for the ECDSA key sent by the remote host is
SHA256:POzEYe/7+n1CoGCZftkN+olz960k46Fn3MEpQev/znE.
17:03:20 Abnormal Disconnect

The dubug3 log:

17:03:40 ----------------------------------------
17:03:40 Equivalent Command: ssh -tt -F "/Users/xxxxx/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/config" -i "/Users/xxxxx/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/privatekey/id_rsa_xxx" -vvv -o ConnectTimeout=15 -o ExitOnForwardFailure=yes -o ServerAliveInterval=15 -o ServerAliveCountMax=3 -o CheckHostIP=no -p xxxxx xxxxx@xxx.xxx.xxx.xxx
17:03:40 Connecting…
17:03:40 OpenSSH_7.9p1, OpenSSL 1.0.2q 20 Nov 2018
17:03:40 debug1: Reading configuration data /Users/xxxxx/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/config
17:03:40 debug2: resolve_canonicalize: hostname xxx.xxx.xxx.xxx is address
17:03:40 debug2: ssh_connect_direct
17:03:40 debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port xxxxx.
17:03:40 debug2: fd 3 setting O_NONBLOCK
17:03:41 debug1: fd 3 clearing O_NONBLOCK
17:03:41 debug1: Connection established.
17:03:41 debug3: timeout: 14020 ms remain after connect
17:03:41 debug1: identity file /Users/xxxxx/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/privatekey/id_rsa_xxx type -1
17:03:41 debug1: identity file /Users/xxxxx/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/privatekey/id_rsa_xxx-cert type -1
17:03:41 debug1: Local version string SSH-2.0-OpenSSH_7.9
17:03:41 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
17:03:41 debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
17:03:41 debug2: fd 3 setting O_NONBLOCK
17:03:41 debug1: Authenticating to xxx.xxx.xxx.xxx:xxxxx as 'xxxxx'
17:03:41 debug3: put_host_port: [xxx.xxx.xxx.xxx]:xxxxx
17:03:41 debug3: hostkeys_foreach: reading file "/Users/xxxxx/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/known_hosts"
17:03:41 debug3: record_hostkey: found key type ECDSA in file /Users/xxxxx/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/known_hosts:8
17:03:41 Authenticating…
17:03:41 debug3: load_hostkeys: loaded 1 keys from [xxx.xxx.xxx.xxx]:xxxxx
17:03:41 debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
17:03:41 debug3: send packet: type 20
17:03:41 debug1: SSH2_MSG_KEXINIT sent
17:03:41 debug3: receive packet: type 20
17:03:41 debug1: SSH2_MSG_KEXINIT received
17:03:41 debug2: local client KEXINIT proposal
17:03:41 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
17:03:41 debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
17:03:42 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
17:03:42 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
17:03:42 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
17:03:42 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
17:03:42 debug2: compression ctos: none,zlib@openssh.com,zlib
17:03:42 debug2: compression stoc: none,zlib@openssh.com,zlib
17:03:42 debug2: languages ctos:
17:03:42 debug2: languages stoc:
17:03:42 debug2: first_kex_follows 0
17:03:42 debug2: reserved 0
17:03:42 debug2: peer server KEXINIT proposal
17:03:42 debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
17:03:42 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
17:03:42 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
17:03:42 debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
17:03:42 debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
17:03:42 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
17:03:42 debug2: compression ctos: none,zlib@openssh.com
17:03:42 debug2: compression stoc: none,zlib@openssh.com
17:03:42 debug2: languages ctos:
17:03:42 debug2: languages stoc:
17:03:42 debug2: first_kex_follows 0
17:03:42 debug2: reserved 0
17:03:42 debug1: kex: algorithm: curve25519-sha256
17:03:42 debug1: kex: host key algorithm: ecdsa-sha2-nistp256
17:03:42 Abnormal Disconnect

According to the related topic. I execute ssh -R remote_server and also remove the known_hosts, it doesn't work.

I use iTerm2 and Royal TSX, it works too. I think this limitation is so bad. I don't want to switch with multiple tools.

Thanks.

If you didn't activate Core Helper, then the known_hosts actually locates at here:

image

Click on Edit File to make modification on it directly.

Thanks. It works. I edit the known_hosts located in the ~/.ssh directory wrongly.

I would like Core SSH asking me about accepting a new host key with pop-up window, because I sure what I do and why host's key were changed (rescue system boot for example).

It is already supported, just set UpdateHostKeys to ask:

2 posts were split to a new topic: Global settings for UpdateHostKeys and ForwardAgent