Skip to main content

Fix SSH host key verification failed error

Remove outdated SSH fingerprints and reconnect safely after a server IP or host change.

Teodor avatar
Written by Teodor
Updated over a month ago

When connecting to a VPS via SSH you may see a warning saying that the remote host identification has changed. This usually appears after a VPS reinstall rebuild or IP reuse. SSH blocks the connection to protect you until the stored host key is updated.

Below is a safe step by step guide using generic values that work on Windows Linux and macOS.

Why this error happens

SSH stores a fingerprint for each server you connect to inside a local file called known_hosts.


If the server’s SSH key changes but your system still has the old fingerprint SSH assumes a potential security risk and refuses the connection.

This is expected after actions like:

  • Reinstalling the operating system

  • Rebuilding the VPS

  • Reusing an IP address previously assigned to another server

Before you continue

Confirm that you are connecting to the correct VPS and that the change was intentional.


If the warning appears without any known server changes stop and investigate before proceeding.

Fix on Windows

These steps apply when using OpenSSH via PowerShell or Command Prompt.

Step 1 – Open PowerShell

Open PowerShell as your normal user.

Step 2 – Remove the old host key

ssh-keygen -R <server_ip>

Replace <server_ip> with your VPS IP address.
This removes only the stored key for that specific server.

Step 3 – Connect again

ssh root@<server_ip>

When prompted confirm the new fingerprint by typing yes.

Fix on Linux

Linux uses the same OpenSSH tools and file structure.

Step 1 – Remove the old key

ssh-keygen -R <server_ip>

Step 2 – Reconnect to the server

ssh root@<server_ip>

Accept the new host key to continue.

Fix on macOS

macOS also relies on OpenSSH so the process is identical.

Step 1 – Remove the stored key

ssh-keygen -R <server_ip>

Step 2 – Connect again

ssh root@<server_ip>

Confirm the new fingerprint when asked.

Manual method if the command fails

If the automatic removal command does not work you can edit the file manually.

Step 1 – Open the known_hosts file

nano ~/.ssh/known_hosts

Step 2 – Remove the offending entry

Delete the line that contains <server_ip> then save and exit the editor.

Step 3 – Reconnect via SSH

SSH will prompt you to trust the new key.

Security note

This warning is a protection feature not a malfunction.
Only remove host keys when you are certain the server was rebuilt or replaced.
Unexpected warnings should always be treated as a potential security issue.

Once the old key is removed SSH access will work normally again.

Related Articles
Fix PuTTY “Connection timed out” when noVNC works
Security hardening and firewall setup for cPanel
Connect to your LumaDock VPS using SSH
Did this answer your question?