SSH “Server Key Changed” Error and How to Fix It

I’ve come across the following SSH server key error a handful of times while working within my local environments and every time I’ve had to look up what it is and how to get around it. So naturally I’ve decided to put the answer here so I have it easier the next time this happens.

The Error

Here’s the error I keep getting when trying to open up a local MySQL server using Navicat:

The server key has changed. Either you are under attack or the administrator changed the key.

Similar issues can happen in other programs that utilize SSH like PuTTY or FileZilla (via SFTP) but I’ve only experienced it in Navicat on a Mac recently so that’s what I’m detailing here. If you have more details I could add for other environments or programs, definitely get in touch using the links at the bottom of this post!

Why It’s Happening

When establishing an SSH connection, the server sends its public key to the client to authenticate that it is who it claims to be. When you accept the connection, this public key gets stored in your local ~/.ssh/known_hosts file (there’s also a system-wide file at /etc/ssh/known_hosts). The next time you attempt to connect to that same server, you’ll get a warning if the public key has changed from the one that was stored. This can happen for several valid reasons, like server maintenance or IP/hostname changes, but you get the warning because a changed key could also indicate a security breach.

For my local server situation, I realized I have more than one server that refers to MySQL at localhost (127.0.0.1). Each server has its own unique public key, so each time I connect to one and then attempt to connect to the other I get this error because the keys don’t match.

How to Fix It

  • A reminder to remain vigilant about security, especially if you’re experiencing this with a remote SSH connection. In my case, since it’s a local development environment, I know I’m in the clear.
  • Open up ~/.ssh/known_hosts. Each line in that file is an individual known host record. Find the one associated with the server you’re having issues with. If you’re having trouble finding the proper line to remove, the error you get will likely reference the public key that you can then search for in this file.
  • Remove the public key record that is causing the issue. For me, it’s the one that starts with 127.0.0.1.
  • A more robust solution to this is to change my local servers to point to unique IP addresses so this doesn’t keep happening, but that’s a problem for future Steve to deal with.
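
An added example (not from the original post) of the find-and-remove step: it matches a host against each known_hosts line, including entries stored hashed under `HashKnownHosts`, which will not start with `127.0.0.1`. The function names and the sample file are constructed for illustration, and wildcard host patterns are not handled.

```python
import base64
import hashlib
import hmac


def hashed_name(host: str, salt: bytes) -> str:
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())


def host_matches(field: str, host: str) -> bool:
    """True if a known_hosts host field names `host` (plain or hashed)."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hashed_name(host, salt))
    return host in field.split(",")  # plain entries are comma-separated names


def split_known_hosts(text: str, host: str):
    """Return (kept_lines, removed_lines); comments and blanks are kept."""
    kept, removed = [], []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            kept.append(line)
            continue
        # An optional marker (@cert-authority, @revoked) precedes the host field.
        marked = fields[0].startswith("@") and len(fields) > 1
        name_field = fields[1] if marked else fields[0]
        (removed if host_matches(name_field, host) else kept).append(line)
    return kept, removed


# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# local dev hosts",
    "127.0.0.1 ssh-ed25519 CONSTRUCTED_KEY_A",
    "[127.0.0.1]:2222 ssh-ed25519 CONSTRUCTED_KEY_B",
    hashed_name("127.0.0.1", b"constructed-salt-001") + " ssh-rsa CONSTRUCTED_KEY_C",
    "db.example.test,192.0.2.10 ssh-ed25519 CONSTRUCTED_KEY_D",
])

if __name__ == "__main__":
    kept, removed = split_known_hosts(SAMPLE, "127.0.0.1")
    print("removed:", *removed, sep="\n  ")
    print("kept:", *kept, sep="\n  ")
```

OpenSSH's own `ssh-keygen -R 127.0.0.1` performs the same removal on `~/.ssh/known_hosts`.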

Have some thoughts or feedback about this blog post?

Get a conversation started on LinkedIn or Twitter