Engine Yard Developer Center

Warning message DNS SPOOFING DETECTED when SSHing into instances

You might get this message when you SSH into your instance:

The RSA host key for ec2-46-137-83-49.us-west-1.compute.amazonaws.com has changed,
and the key for the corresponding IP address
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/deploy/.ssh/known_hosts to get rid of this message.
Offending key in /home/deploy/.ssh/known_hosts:1
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.

This sequence of events can cause the warning to appear:

  1. Creation of an instance with an IP address.
  2. SSHing into that instance. No warning appears (as expected).
  3. Shutdown of that instance.
  4. Creation of a new instance, assigning it the previously used IP address.
  5. SSHing into this new instance. This is when the warning appears.

Why this message appears

When you create a new instance, it is a new virtualized computer with its own SSH host key. So, when you connect to the same IP address again, your SSH client sees that the host key does not match the one it saved in known_hosts and recognizes that this is not the same computer as before. This can, in some scenarios, indicate malicious activity, as the warning says; in this scenario, it is expected and fine.

Solution: Edit the .ssh/known_hosts file

Edit the .ssh/known_hosts file and remove the line that contains the offending key.

To edit the .ssh/known_hosts file

  1. On your local machine, open your ~/.ssh/known_hosts file for editing.
  2. Delete the line that contains the offending key and that corresponds to the IP address given in the warning.
    In the example above, this is the first line of the file (the line number is given after the colon in the warning “Offending key in /home/deploy/.ssh/known_hosts:”), the line that begins with:

    ec2-46-137-83-49.us-west-1.compute.amazonaws.com
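
The offending line can be hard to spot by eye when OpenSSH stores host names in hashed form (the HashKnownHosts option), which is why the line number in the warning matters. The following is an added example, not part of the original article or Engine Yard's tooling: it removes the entries for one host from known_hosts text, in both plain and hashed form, and reports the fingerprint of each removed key so it can be compared with the key the new instance presents. The key blobs, the salt, build.example.com and the helper names are constructed for illustration.

```python
import base64, hashlib, hmac

def fingerprint(b64_key):
    """SHA256 fingerprint as OpenSSH prints it: base64 without '=' padding."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(names, host):
    """True if a known_hosts name field refers to host (plain or hashed)."""
    if names.startswith("|1|"):              # hashed form: |1|salt|HMAC-SHA1(salt, host)
        _, _, salt, mac = names.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in names.split(",")          # exact names only, wildcards not handled

def remove_host(text, host):
    """Return (new_text, removed); removed holds (line_no, key_type, fingerprint)."""
    kept, removed = [], []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Comments and marker lines (@cert-authority, @revoked) are always kept.
        is_entry = len(fields) >= 3 and line[0] not in "#@"
        if is_entry and host_matches(fields[0], host):
            removed.append((no, fields[1], fingerprint(fields[2])))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed

def hashed_name(host, salt=b"constructed-salt-20b"):
    """Build a hashed name field for the sample below (constructed salt)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample: host name from the warning above, made-up key blobs.
HOST = "ec2-46-137-83-49.us-west-1.compute.amazonaws.com"
OLD = base64.b64encode(b"constructed old host key blob").decode()
OTHER = base64.b64encode(b"constructed unrelated key blob").decode()
SAMPLE = "\n".join([
    HOST + " ssh-rsa " + OLD,                # line 1, plain name
    "build.example.com ssh-rsa " + OTHER,    # line 2, unrelated host
    hashed_name(HOST) + " ssh-rsa " + OLD,   # line 3, same host, hashed name
]) + "\n"

if __name__ == "__main__":
    new_text, removed = remove_host(SAMPLE, HOST)
    for no, key_type, fp in removed:
        print("removed line %d: %s %s" % (no, key_type, fp))
```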




  • Troy Martin

    Great fix, I suspected something like this was happening, but wasn't positive.  

  • Jean-Philippe Bégin

    Very well explained. Great post. There's also this command that is, in my opinion, faster than editing the known_hosts file:

    ssh-keygen -R ip/host

    e.g. My IP address is and my domain name is testing.com, I would run (without the brackets) "ssh-keygen -R" OR... "ssh-keygen -R testing.com" and try to ssh in again.
