SSH and SFTP Connection Errors
Have issues connecting via SSH or SFTP? If you’re getting an error like the one below, it’s often due to a mismatch in the SSH key fingerprint. This typically happens when the server’s IP address or SSH fingerprint has changed, but your local known_hosts file still stores the old one.
For example, if you push one environment to another, such as staging to live, a new SSH key fingerprint is generated. Since the known_hosts file is used to verify SSH and SFTP connections, the mismatch can block the connection.
To resolve this, you’ll need to remove the outdated entry from your known_hosts file and reconnect to accept the new fingerprint.
[user@hostname ~]$ ssh root@user
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx.
Please contact your system administrator.
Add correct host key in /home/hostname /.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for user has changed and you have requested strict checking.
Host key verification failed.Can’t connect via SSH or SFTP – Delete SSH known_hosts
If you’re having trouble connecting, first ensure you are using the correct password. You can always change your SFTP and or SSH password from within MyKinsta.
If the issue persists, follow the directions below to delete entries from your known_hosts file.
Mac or Linux
- Open up Terminal and edit your known_hosts file in nano text editor with the following command:
nano ~/.ssh/known_hosts- Remove all entries that start with your site’s Host IP address (found in the SFTP/SSH section on your site’s Info tab in MyKinsta). You can delete each line that you need to remove with Ctrl+k.
- Then save the document (Ctrl+x). When prompted, answer Y for yes and do not change the file name (just hit return when prompted for the file name to confirm and keep the current name).
Windows
If you are on Windows, there are two different methods for clearing the IP address entries depending on your SSH client.
- If you use the native OpenSSH client built into Windows or Git, you need to delete entries in the
known_hostsfile. - If you use the PuTTY SSH client or similar, it stores the credentials and IP in the registry.
If you’re not sure which SSH client you’re using, check if the error message contains known_hosts in the file path, for example, C:\Users\Username\.ssh\known_hosts. If it does, this means you are using an OpenSSH client.
OpenSSH client
- Browse to the file path in the error message, for example,
C:\Users\Username\.ssh\, and locate theknown_hostsfile. This file may be hidden, so you may need to ensure Show hidden files, folders, and drives is selected in your file explorer settings. - Identify the IP address and port for the site you are trying to connect to by looking for the specific IP address and port within the error message. You can also find the IP address within the SFTP/SSH section on your site’s Info tab in MyKinsta. For example,
[34.64.255.111]:48129. - Remove all entries that start with your site’s IP address from the
known_hostsfile. You can do this by manually editing the file within a text editor, or by using thessh-keygen -Rcommand, for example:ssh-keygen -R [hostname_or_IP]or
ssh-keygen -R "[IP]:[Port]"
PuTTY SSH client
- Launch regedit from your start menu. The example below is using Windows 10.
Windows regedit - Browse to the following directory:
HKEY_CURRENT_USERSoftWareSimonTathamPuTTYSshHostKeys
SshHostKeys - Remove all entries that end with your site’s Host IP address (found in the SFTP/SSH section on your site’s Info tab in MyKinsta).