What to do when you try to connect to SSH and get a very scary warning


It is a story when I tried to connect SSH after a long time to the EC2 instance that had been running for about six months.

I got a very scary warning and knocked it down, so I'll make a note of the cause and solution for the next time I come across it.

In conclusion, it was a warning that didn't need to be so bibi.

A very scary warning

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /var/root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /var/root/.ssh/known_hosts:5
ECDSA host key for ********.amazonaws.com has changed and you have requested strict checking.
Host key verification failed.

If you excerpt some of them and translate them into Japanese,

Someone could be doing something nasty!
Someone could be eavesdropping on you now (man-in-the-middle attack)!


What caused it?

Above, I translated only the scary part into Japanese, so even under it

It is also possible that the host key has just changed.
Contact your system administrator.
To get rid of this message, add the correct host key known_hosts /var/root/.ssh/.
/var/root/.ssh/known_hosts:5 problem ECDSA keys
The amazonaws.com's ECDSA host key has been changed to require strict checks.
Host key validation failed.

In short, the host key stored locally is different from the server's! That's him.

The SSH connection stores the public key of the destination locally on the first connection, and compares the public key from next time to see if it connected to the sam
e host as the previous one. Therefore, if the public key changes due to re-ip address or OS reinstall, such an error message seems to come out.

So, when I thought about my idea, I played around with it for various verifications, such as testing auto-stop and auto-start, turning on elasticIP and erasing it, so it seems that the IP of the instancehas changed.

someone may be eavesdropping on you now

It was said, and it was super impatient w


The local public key and the server are different, so you can delete the local one because you are complaining.

The local public key used for SSH connections can be known_hosts in ~/.ssh/known_hosts.

You can open it with vi or something like that and delete the appropriate part, but if you make a mistake and delete it again, it may be troublesome again, so let's delete it with the command.

$ ssh-keygen -R <対処のホスト名>
# Host example.com found: line 5 type RSA
/Users/salad/.ssh/known_hosts updated.</対処のホスト名>
Original contents retained as /Users/salad/.ssh/known_hosts.old

This solves it.