SSH and SFTP Connection Errors

Have issues connecting via SSH or SFTP? If you’re getting an error like the one below, this usually happens because the IP address or the SSH key fingerprint has changed (often due to a server update), and the old one is still stored in your known_hosts file. The known_hosts is used for SSH and SFTP connections.

[user@hostname ~]$ ssh root@user
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx.
Please contact your system administrator.
Add correct host key in /home/hostname /.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for user has changed and you have requested strict checking.
Host key verification failed.

Can’t connect via SSH or SFTP – Delete SSH known_hosts

If you’re having trouble connecting, first ensure you are using the correct password. You can always change your SFTP and or SSH password from within MyKinsta.

If the issue persists, follow the directions below to delete entries from your known_hosts file.

• Delete entries from known_hosts file on Mac or Linux
• Delete entries from known_hosts file on Windows

Mac or Linux

1. Open up Terminal and edit your known_hosts file in nano text editor with the following command:

nano ~/.ssh/known_hosts

2. Remove all entries that start with your site’s Host IP address (found in the SFTP/SSH section on your site’s Info tab in MyKinsta). You can delete each line that you need to remove with Ctrl+k.
3. Then save the document (Ctrl+x). When prompted, answer Y for yes and do not change the file name (just hit return when prompted for the file name to confirm and keep the current name).

Windows

If you are on Windows, there are two different methods for clearing the IP address entries depending on your SSH client.

• If you use the native OpenSSH client built into Windows or Git, you need to delete entries in the known_hosts file.
• If you use the PuTTY SSH client or similar, it stores the credentials and IP in the registry.

If you’re not sure which SSH client you’re using, check if the error message contains known_hosts in the file path, for example, C:\Users\Username\.ssh\known_hosts. If it does, this means you are using an OpenSSH client.

OpenSSH client

1. Browse to the file path in the error message, for example, C:\Users\Username\.ssh\, and locate the known_hosts file. This file may be hidden, so you may need to ensure Show hidden files, folders, and drives is selected in your file explorer settings.
2. Identify the IP address and port for the site you are trying to connect to by looking for the specific IP address and port within the error message. You can also find the IP address within the SFTP/SSH section on your site’s Info tab in MyKinsta. For example, [34.64.255.111]:48129.
3. Remove all entries that start with your site’s IP address from the known_hosts file. You can do this by manually editing the file within a text editor, or by using the ssh-keygen -R command, for example:
   Copy

   ssh-keygen -R [hostname_or_IP]

   or

   Copy

   ssh-keygen -R "[IP]:[Port]"

PuTTY SSH client

1. Launch regedit from your start menu. The example below is using Windows 10.

   

2. Browse to the following directory:
   HKEY_CURRENT_USERSoftWareSimonTathamPuTTYSshHostKeys

   

3. Remove all entries that end with your site’s Host IP address (found in the SFTP/SSH section on your site’s Info tab in MyKinsta).