// host key warning

if you see a warning like this when connecting, don't panic — here's what it means and how to fix it.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION     @
@            HAS CHANGED!                    @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING
NASTY!
Someone could be eavesdropping on you right now
(man-in-the-middle attack)!

// should i worry?

our ssh host key is persistent across regular updates. normal deploys do not change the key, so you should not see this warning after a routine update.

if the host key ever does need to change (e.g. a server migration), we will announce it on the /updates page beforehand. if you see this warning and there's no announcement — be cautious.

// why does this happen?

every ssh server has a unique key that identifies it. your computer remembers this key the first time you connect. if the key changes, your ssh client warns you — this is a security feature to protect you from man-in-the-middle attacks.

common reasons for a key change:

-

server migration

we moved to a new server (announced on /updates)

-

infrastructure change

a major change required regenerating the key (also announced)

-

actual attack

if there's no announcement, treat this seriously

// how to fix it

first, check the /updates page to confirm a host key change was announced. if it was, remove the old key:

$ ssh-keygen -R chessssh.com

then connect again as usual:

$ ssh chessssh.com

you'll be asked to accept the new key — type yes and you're good to go.

// manual fix

if ssh-keygen -R doesn't work, you can manually edit the file:

1

open the known hosts file

~/.ssh/known_hosts on macOS and Linux

2

find the line containing chessssh.com

it will be a long line starting with the hostname

3

delete that line and save

then reconnect with ssh chessssh.com

// windows (PuTTY)

if you're using PuTTY, you'll see a dialog box about the server's host key. click Yes to accept the new key and continue.

if you want to clear it manually, the keys are stored in the Windows Registry under:

HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys

// no announcement but got the warning?

if you see a host key warning and there is no matching announcement on /updates, this could indicate a man-in-the-middle attack. here's what you should do:

1

do not accept the new key

when your ssh client asks to continue, type no or press Ctrl+C

2

do not enter your password

if someone is intercepting the connection, they could capture your credentials

3

check your network

public wifi, hotel networks, and shared connections are common targets for MITM attacks. try again from a trusted network

4

try again later

if the warning persists on a trusted network, it may be a temporary issue on our end — check /updates again in a few hours

if you use chessssh on untrusted networks regularly, consider using a VPN to protect your connection.