Share this article

Improve this guide

Fix: The Authenticity of Host Can’t Be Established

Updating your SSH software should do the trick here

6 min. read

Updated onOctober 4, 2023

updated onOctober 4, 2023

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

If you are connecting to a server via SSH for the first time, you are likely to get unable to establish the authenticity of host error. This occurs because yourSSH clientdoes not recognize the server.

However, this problem can still occur due to various factors like a man-in-the-middle attack. Irrespective of the cause of the issue, you can fix it with the simple yet effective solutions in this guide.

Why am I unable to establish the authenticity of a host?

Why am I unable to establish the authenticity of a host?

Listed below are some of the reasons you might be getting unable to establish the authenticity of host error on the remote server you are trying to connect to:

Now that we know the causes of this error, let’s fix it using the solutions below.

How can I verify and validate the host key?

How can I verify and validate the host key?

How can I fix the authenticity of host can’t be established error?

Before proceeding to the fixes in this section, try the following troubleshooting steps:

If the issue persists, you can now proceed to the detailed solutions below:

1. Skip HostKey checking

This is one of the easiest ways to fix the unable to establish the authenticity of host error. However, it is highly risky, as it basically removes the alert and exposes your PC if the prompt is caused by a man-in-the-middle attack.

But if you are sure the error message is because the host key was updated or reconfigured, add the entry below in the known_host file:$ ssh -o “UserKnownHostsFile=/dev/null” -o “StrictHostKeyChecking=no” user@host

This creates a null verification file and helps you bypass the security alert. To set this up permanently for the current user, add the above entry to the~/.ssh/configfile.

Finally, add it to the/etc/ssh/ssh_configfile instead to apply it to all users.

2. Verify the remote host

In some cases, this issue might be because the host key is wrong or not functional. Also, the server itself might not be legit.

In this case, you need to perform an SSH host key verification to be sure the key is correct and ensure the server is not compromised.

To do this, run the command below (change website with the actual domain or IP):ssh-keyscan website.com

This command will show the remote host’s public key on your terminal. You can now compare the public key with the one provided by the server admin or in the known_hosts file.

3. Remove the old host key

If the unable to establish the authenticity of host CA error is due to changes made to the key, you need to remove the old key.

To do this, run the command below (change website with the actual domain or IP):ssh-keygen -R website.com

This will remove the old key from your known_hosts file and fix the issue.

4. Flush DNS cache

At times, the unable to establish the authenticity of host issue might be caused by a misconfigured DNS host. To fix this, you need to flush the DNS cache and restart the connection.

Are there any risks associated with clearing known hosts?

The known_hosts file holds all your trusted keys and should not be wiped. But if you clear the file, it shouldn’t cause any issues.

You might only encounter the unable to establish the authenticity of host error on subsequent connections to a trusted server.

However, the file will be recreated automatically after you connect to another remote host with an SSH client.

How can I prevent host authenticity problems in the future?

The unable to establish the authenticity of host issue is normal when you are connecting to a server for the first time. So, you shouldn’t disable the security alert, ideally.

However, to prevent this error on trusted servers, especially on subsequent connections, make sure the host is not compromised, and you are connecting to the correct and updated key.

We have reached the end of this guide on how to fix the unable to establish the authenticity of host issue. This prompt is a normal security alert in most cases but can also mean the remote host has been compromised.

Like thebad owner or permissions on the SSH configissue, this problem can be solved by running a few commands.

Also, if you are getting the error when connecting to a server for the first time, know that it is something normal. So, you can just select the Yes option if you trust the server.

To wrap it up, if you want to knowhow to install RSAT on Windows 11, check our detailed guide on the topic.

More about the topics:server

Ola-Hassan Bolaji

Windows Hardware Expert

A Computer Engineering graduate, he has spent most of his life reading and writing about computers.

He finds joy in simplifying complex topics into simple solutions for PC users. The quality of his work and providing step-wise tested and proven solutions to PC issues are all that matter to him.

Away from computers, he is either reading or watching football!

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Ola-Hassan Bolaji

Windows Hardware Expert

He’s a Computer Engineering graduate who has spent most of his life reading and writing about computers & operating systems.