How to Remove Unwanted SSH Keys

After re-install my Synology DSM, I cannot use ssh to login DSM. It prompts for following warning message:

Last login: Thu Jun 16 10:11:39 on console
Amigos-Mac-mini:~ Amigo$ ssh admin@
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /Users/Amigo/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/Amigo/.ssh/known_hosts:1
ECDSA host key for has changed and you have requested strict checking.
Host key verification failed.
Amigos-Mac-mini:~ Amigo$ 

In short, I have to remove my previous key. It’s saved in different location with different tools.

Terminal on OSX

With Terminal on OS X El Capitan, the key is stored in $HOME/.ssh/known_hosts. You have to remove the key started with previous IP and save the file. Here I have to remove the key with ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoY... (The rest has been removed due to security concern)

Delete SSH Keys Using Terminal Command Line on nixCraft provides different solution. Maybe it is different version of OS X.

As you may see below, I may use ssh to login DSM now. It will prompt for saving key at the first time.

Amigos-Mac-mini:.ssh Amigo$ ssh admin@
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:cq9E... (The rest has been removed due to security concern)
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
admin@'s password: 
Could not chdir to home directory /var/services/homes/admin: No such file or directory


  1. nixCraft: Mac OS X: Delete SSH Keys Using Terminal Command Line
  2. Reinstall Synology DSM
  3. Synology: DSM
  4. Wiki: OS X
  5. Wiki: OS X El Capitan
  6. Wiki: Secure Shell
  7. Wiki: Terminal (OS X)

One thought on “How to Remove Unwanted SSH Keys

  1. FWIW IMO the easiest way to remove keys via the commandline is:

    ssh-keygen -R hostname [-f known_hosts_file]

    E.g. in your example:

    ssh-keygen -R

    or alternatively:

    ssh-keygen -R ecdsa-sha2-nistp256

    I’ve never needed to use the -f switch to explicitly state the file, but I’m on Debian YMMV. Although the default path to the known_hosts file is the same as OSX ($HOME/.ssh/known_hosts) so it might work…


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.