Fix: The Authenticity of Host Can’t Be Established
Updating your SSH software should do the trick here
- The unable to establish the authenticity of the host issue can be due to incorrect or reconfigured keys.
- One quick and effective solution to this problem is to flush the DNS cache.
- Skipping HostKey checking is another excellent fix to try.
If you are connecting to a server via SSH for the first time, you are likely to get unable to establish the authenticity of host error. This occurs because your SSH client does not recognize the server.
However, this problem can still occur due to various factors like a man-in-the-middle attack. Irrespective of the cause of the issue, you can fix it with the simple yet effective solutions in this guide.
Why am I unable to establish the authenticity of a host?
Listed below are some of the reasons you might be getting unable to establish the authenticity of host error on the remote server you are trying to connect to:
- First-time connection – If you are connecting to a server with your SSH client for the first time, you will surely get this error. This is a form of security alert required for the verification and authentication of the connection.
- Wrong remote key – In some cases, this error might be due to an incorrect host key. This might be because the public key has been changed (via an update) or compromised.
- Availability of multiple host keys – If the server host key is of different types, you might encounter this error. This is because ECDSA might be the one required, while the one in the known host is RSA.
- Man-in-middle attack – If you are getting this issue in subsequent connections with a known host, it might be due to an attacker listening in between your connection with the host.
Now that we know the causes of this error, let’s fix it using the solutions below.
How can I verify and validate the host key?
- Check the first word on the second line of the unable to establish the authenticity of the host prompt for the SSH key algorithm.
- Next, check the first few characters of the fingerprint to determine the hash. It is usually SHA256 or MD5.
- Now, sign in to your remote server and run the following commands depending on the hash: For SHA256:
ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
For MD5:ssh-keygen -E md5 -lf /etc/ssh/ssh_host_ed25519_key.pub
- Finally, compare the fingerprint with what you see when you open an SSH connection on your device. If it is the same, you can continue with the connection. Else, cancel the connection and report the issue.
How can I fix the authenticity of host can’t be established error?
Before proceeding to the fixes in this section, try the following troubleshooting steps:
- Check network connection
- Upgrade SSH software
- Make sure -SSH/known_host is writable
If the issue persists, you can now proceed to the detailed solutions below:
1. Skip HostKey checking
This is one of the easiest ways to fix the unable to establish the authenticity of host error. However, it is highly risky, as it basically removes the alert and exposes your PC if the prompt is caused by a man-in-the-middle attack.
But if you are sure the error message is because the host key was updated or reconfigured, add the entry below in the known_host file: $ ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected]
This creates a null verification file and helps you bypass the security alert. To set this up permanently for the current user, add the above entry to the ~/.ssh/config file.
Finally, add it to the /etc/ssh/ssh_config file instead to apply it to all users.
2. Verify the remote host
In some cases, this issue might be because the host key is wrong or not functional. Also, the server itself might not be legit.
In this case, you need to perform an SSH host key verification to be sure the key is correct and ensure the server is not compromised.
To do this, run the command below (change website with the actual domain or IP): ssh-keyscan website.com
Expert tip:
SPONSORED
Some PC issues are hard to tackle, especially when it comes to missing or corrupted system files and repositories of your Windows.
Be sure to use a dedicated tool, such as Fortect, which will scan and replace your broken files with their fresh versions from its repository.
This command will show the remote host’s public key on your terminal. You can now compare the public key with the one provided by the server admin or in the known_hosts file.
3. Remove the old host key
If the unable to establish the authenticity of host CA error is due to changes made to the key, you need to remove the old key.
To do this, run the command below (change website with the actual domain or IP): ssh-keygen -R website.com
This will remove the old key from your known_hosts file and fix the issue.
4. Flush DNS cache
- Press the Windows key + S, type cmd, and select Run as administrator under Command Prompt.
- Type the command below and hit Enter:
ipconfig/flushdns
- Finally, wait for the command to finish running and try the connection again.
At times, the unable to establish the authenticity of host issue might be caused by a misconfigured DNS host. To fix this, you need to flush the DNS cache and restart the connection.
Are there any risks associated with clearing known hosts?
The known_hosts file holds all your trusted keys and should not be wiped. But if you clear the file, it shouldn’t cause any issues.
You might only encounter the unable to establish the authenticity of host error on subsequent connections to a trusted server.
However, the file will be recreated automatically after you connect to another remote host with an SSH client.
How can I prevent host authenticity problems in the future?
The unable to establish the authenticity of host issue is normal when you are connecting to a server for the first time. So, you shouldn’t disable the security alert, ideally.
However, to prevent this error on trusted servers, especially on subsequent connections, make sure the host is not compromised, and you are connecting to the correct and updated key.
We have reached the end of this guide on how to fix the unable to establish the authenticity of host issue. This prompt is a normal security alert in most cases but can also mean the remote host has been compromised.
Like the bad owner or permissions on the SSH config issue, this problem can be solved by running a few commands.
Also, if you are getting the error when connecting to a server for the first time, know that it is something normal. So, you can just select the Yes option if you trust the server.
To wrap it up, if you want to know how to install RSAT on Windows 11, check our detailed guide on the topic.
Still experiencing issues?
SPONSORED
If the above suggestions have not solved your problem, your computer may experience more severe Windows troubles. We suggest choosing an all-in-one solution like Fortect to fix problems efficiently. After installation, just click the View&Fix button and then press Start Repair.