After fresh dietpi install, I've installed some software and reboot. Now ssh says: WARNING: REMOTE HOST IDENTIFICATION..

So I did a fresh install of DietPi and installed some software. Then It asked to reboot in order to make some new services to work.
But now when I do SSH it’s saying that:

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.

How do I know if someone is doing something nasty or if the host key has just been changed?

Thank you

I had this as well on a couple of testing VM’s the last weeks. Should be fine. There should be nobody who has access to your system as long as you don’t forward SSH port to internet.


I guess you installed OpenSSH as replacement for Dropbear SSH server, right? In this case the SSH host keys change:

It is also possible that a host key has just been changed.

in my case, nope

With testing VMs (when you reuse the same IPs) it is basically the same. The SSH client stores the host keys associated with the IPs/hostnames you used to connect to the SSH server. Hence when you spin up a new VM with the same IP/hostname, there is a mismatch and hence the warning.

indeed related to hostname change.

For all my installation, simply remove “known host” in /home/xxx/.ssh
Idem from windows 11 and fedora

What? No, do not remove all known host keys for all users on Linux clients. Instead do the following when using the OpenSSH client:

ssh-keygen -R hostname

Replace hostname with the IP or hostname you use to connect to the server with the changed host key. This removes the entry for this particular host for the current user. Then, when running again ssh username@hostname, it allows you to confirm the new key.

On Windows, all SSH clients I know allow to confirm a changed host key without having to remove it first.

I have the same problem using WebSSH app from any IOS devices, and it simply ask me to force the connection.
Although I can’t force the connection from my Mac OS ( using terminal).
Is there a way to solve it also from Mac OS?

If I’m not mistaken, you need to remove the SSH host key somewhere inside the MacOS. But I don’t know where exactly, as I don’t use Apple devices. Maybe you could ask your preferred search engine to look around.

The command given in my last post should work on macOS to forget the key for the particular hostname/IP you use to connect to DietPi.

thanks MichaIng .
With this command ssh-keygen -R hostname (changing hostname with the local IP) on the terminal in the mac now I can connect again with ssh.

Okay, that is great :slight_smile:.