Search Docs by Keyword

Table of Contents

SSH key error, DNS spoofing message

Whenever nodes are updated (for instance, the May 2018 upgrade to CentOS 7 and to Rocky 8 in June 2023), if there is a significant change to them then the SSH key fingerprint is likely to change. As you’ve already stored the fingerprint locally, you will receive a key mismatch error like:

Someone could be eavesdropping on you right now (man-in-the-middle attack)!


To fix this, you will need to remove the key in question from your computer’s local known_hosts file. If you are on a Mac or Linux, you can use the following command from a terminal window on your computer.

ssh-keygen -R

If the error was for a specific node, replace ‘’ with the full name of that host.

You can now log into the node and will receive an all new request to store the new SSH key.

The example in the screenshot above assumes that your username on your local machine (jharvard, in this case) matches your cluster account username. If this is not the case, you will have to login with your username, explicitly, such as: ssh

Please note that there are several nodes behind the ‘’ hostname, so you may receive the above more than once. Answering yes will allow you to continue.

Alternately, if you primarily only interact with the cluster, you may find it easiest to simply remove the known_hosts file and let it be created from scratch at next login. Mac and Linux users can do so from a terminal on their computer with the following command:

rm ~/.ssh/known_hosts



PuTTY may prompt you to update the key in place, or it may require updating a registry entry to correct this. If the latter, you will need to remove the known_hosts from the registry:

  1. Open ‘regedit.exe’ by doing a search  or by pressing the “Windows Key + R” and type “regedit” and hitting enter or try opening C:\Windows\System32\regedt32.exe
  2. Find HKEY_CURRENT_USER\Software\[your username here]\PuTTY\SshHostKeys
  3. Remove all keys or find and delete the individual key you need to remove
  4. Restart your computer, changes won’t take effect until after a restart.



You may also see the error when opening a terminal in VDI/OOD because internally it uses ssh from your FASRC account.  You can clear known_hosts on your FASRC account by:

  1. Log in from your local computer using one of the methods here:
  2. ssh-keygen -R (or follow the Mac/Linux instructions above)

Bookmarkable Section Links

© The President and Fellows of Harvard College
Except where otherwise noted, this content is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license.