Remote Host Identification Has Changed” SSH Error (ssh-keygen -R Explained)

If you’ve rebuilt a server and suddenly SSH refuses to connect with a “Remote Host Identification Has Changed” warning, don’t panic. This is a very common and expected situation when working with VPS servers, cloud instances, or rebuilt environments.

In this guide, I’ll explain what the error means, why it happens, and how to fix it safely using a single command.

What This SSH Error Means

When you connect to a server over SSH for the first time, your computer saves a fingerprint of that server’s identity. This fingerprint is stored locally so SSH can verify that you’re connecting to the same trusted server in the future.

If the server is rebuilt, reinstalled, or replaced—but keeps the same IP address—its fingerprint changes. When SSH notices this mismatch, it stops the connection and displays this warning to protect you from possible impersonation attacks.

In short:

Your computer remembers the old server
The server was rebuilt or replaced
SSH detects a mismatch and blocks the connection

This is normal behavior and a sign that SSH security is working as intended.

Common Reasons You’ll See This Error

You’ll usually encounter this message after:

Rebuilding or recreating a VPS
Deleting and recreating a cloud instance
Reinstalling the operating system
Restoring a server from a snapshot
Reusing the same IP address on a new server

If you expected the server to change, this warning is harmless.

The Fastest & Safest Fix

The fix is to remove the old fingerprint from your computer so SSH can trust the new one.

Run this command on your local machine (not the server):

ssh-keygen -R 1.1.1.1

Replace 1.1.1.1 with your server’s IP address or hostname.

What this command does:

Finds the stored fingerprint for that IP
Removes it from your local SSH records
Leaves everything else untouched

After running it, reconnect using SSH:

ssh -i your-key.pem username@1.1.1.1

Note

This SSH command format is commonly used on AWS (Lightsail / EC2) and other VPS providers that use key-based authentication.

Depending on your hosting provider:

Your SSH username may be different (for example: root, ubuntu, or bitnami)
You may not use a .pem key file at all
Some hosts allow password-based SSH instead of key files

Always refer to your hosting provider’s official SSH login details.

When prompted during reconnection, type yes to trust the new server fingerprint.

Where SSH Stores These Fingerprints (Windows)

On Windows, SSH stores known server fingerprints in this file:

C:\Users\YourUsername\.ssh\known_hosts

Each line represents a server you’ve connected to before.
The ssh-keygen -R command simply edits this file for you.

Remote Host Identification Has Changed” SSH Error (ssh-keygen -R Explained)

What This SSH Error Means

Common Reasons You’ll See This Error

The Fastest & Safest Fix

Note

Where SSH Stores These Fingerprints (Windows)

/ Recent WordPress Tutorials /

How to Lock WordPress to Your Domain in wp-config.php (Bitnami / AWS Fix)

How to Fix WordPress Images Loading From Server IP Instead of Domain (AWS + Bitnami + Elementor)

How to Access phpMyAdmin on AWS Lightsail (Secure Method)

How to SSH Into an Amazon Lightsail Server

How to Download Your PEM File in AWS Lightsail

Create an SSH Tunnel on AWS Lightsail (Bitnami)

How to Fix WordPress Images Loading From Server IP by Updating Site URL (AWS + Bitnami)

Wordfence 2FA Setup for WordPress (Free) | Secure Your Login the Right Way

How to Add Gradient Text in Elementor (No Plugins)

How to Build a Clean Dark & Light Theme System in Elementor (Without Per-Widget Styling)

About Manzari

Tutorials & Learning

WordPress Plugins

More from Manzari

Connect