Fix: The Authenticity of Host Can’t Be Established

Updating your SSH software should do the trick here

Reading time icon 6 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Key notes

  • The unable to establish the authenticity of the host issue can be due to incorrect or reconfigured keys.
  • One quick and effective solution to this problem is to flush the DNS cache.
  • Skipping HostKey checking is another excellent fix to try.
unable to establish authenticity of host

If you are connecting to a server via SSH for the first time, you are likely to get unable to establish the authenticity of host error. This occurs because your SSH client does not recognize the server.

However, this problem can still occur due to various factors like a man-in-the-middle attack. Irrespective of the cause of the issue, you can fix it with the simple yet effective solutions in this guide.

Why am I unable to establish the authenticity of a host?

Listed below are some of the reasons you might be getting unable to establish the authenticity of host error on the remote server you are trying to connect to:

  • First-time connection – If you are connecting to a server with your SSH client for the first time, you will surely get this error. This is a form of security alert required for the verification and authentication of the connection.
  • Wrong remote key – In some cases, this error might be due to an incorrect host key. This might be because the public key has been changed (via an update) or compromised. 
  • Availability of multiple host keys – If the server host key is of different types, you might encounter this error. This is because ECDSA might be the one required, while the one in the known host is RSA.
  • Man-in-middle attack – If you are getting this issue in subsequent connections with a known host, it might be due to an attacker listening in between your connection with the host.

Now that we know the causes of this error, let’s fix it using the solutions below.

How can I verify and validate the host key?

  1. Check the first word on the second line of the unable to establish the authenticity of the host prompt for the SSH key algorithm.
    ssh unable to establish authenticity of host
  2. Next, check the first few characters of the fingerprint to determine the hash. It is usually SHA256 or MD5.
    fingerprint
  3. Now, sign in to your remote server and run the following commands depending on the hash: For SHA256: ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub For MD5: ssh-keygen -E md5 -lf /etc/ssh/ssh_host_ed25519_key.pub
  4. Finally, compare the fingerprint with what you see when you open an SSH connection on your device. If it is the same, you can continue with the connection. Else, cancel the connection and report the issue.

How can I fix the authenticity of host can’t be established error?

Before proceeding to the fixes in this section, try the following troubleshooting steps:

  • Check network connection
  • Upgrade SSH  software
  • Make sure -SSH/known_host is writable

If the issue persists, you can now proceed to the detailed solutions below:

1. Skip HostKey checking

This is one of the easiest ways to fix the unable to establish the authenticity of host error. However, it is highly risky, as it basically removes the alert and exposes your PC if the prompt is caused by a man-in-the-middle attack.

But if you are sure the error message is because the host key was updated or reconfigured, add the entry below in the known_host file: $ ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" user@host

This creates a null verification file and helps you bypass the security alert. To set this up permanently for the current user, add the above entry to the ~/.ssh/config file.

Finally, add it to the /etc/ssh/ssh_config file instead to apply it to all users.

2. Verify the remote host

In some cases, this issue might be because the host key is wrong or not functional. Also, the server itself might not be legit.

In this case, you need to perform an SSH host key verification to be sure the key is correct and ensure the server is not compromised.

To do this, run the command below (change website with the actual domain or IP): ssh-keyscan website.com

This command will show the remote host’s public key on your terminal. You can now compare the public key with the one provided by the server admin or in the known_hosts file. 

3. Remove the old host key

If the unable to establish the authenticity of host CA error is due to changes made to the key, you need to remove the old key.

To do this, run the command below (change website with the actual domain or IP): ssh-keygen -R website.com

This will remove the old key from your known_hosts file and fix the issue.

4. Flush DNS cache

  1. Press the Windows key + S, type cmd, and select Run as administrator under Command Prompt.
    cmd admin
  2. Type the command below and hit Enter: ipconfig/flushdnsipconfig
  3. Finally, wait for the command to finish running and try the connection again.

At times, the unable to establish the authenticity of host issue might be caused by a misconfigured DNS host. To fix this, you need to flush the DNS cache and restart the connection. 

Are there any risks associated with clearing known hosts?

The known_hosts file holds all your trusted keys and should not be wiped. But if you clear the file, it shouldn’t cause any issues.

You might only encounter the unable to establish the authenticity of host error on subsequent connections to a trusted server. 

However, the file will be recreated automatically after you connect to another remote host with an SSH client.

How can I prevent host authenticity problems in the future?

The unable to establish the authenticity of host issue is normal when you are connecting to a server for the first time. So, you shouldn’t disable the security alert, ideally.

However, to prevent this error on trusted servers, especially on subsequent connections, make sure the host is not compromised, and you are connecting to the correct and updated key.

We have reached the end of this guide on how to fix the unable to establish the authenticity of host issue. This prompt is a normal security alert in most cases but can also mean the remote host has been compromised.

Like the bad owner or permissions on the SSH config issue, this problem can be solved by running a few commands.

Also, if you are getting the error when connecting to a server for the first time, know that it is something normal. So, you can just select the Yes option if you trust the server.

To wrap it up, if you want to know how to install RSAT on Windows 11, check our detailed guide on the topic.

More about the topics: server

User forum

0 messages