Is it possible to remove a particular host key from SSH's known_hosts file?

Use this command to remove entries from known_hosts:

ssh-keygen -R hostname

Yes, you can remove just one key. Just open it in an editor and delete the offending line. The number after the colon in the error message is the line number, so that's the line to delete -- line 1 in your example..

I have only recently started using host key's, but when I have messed with them it is generally one key per line so backup the file and remove them one at a time until you find the right one. Then add the others back. Bit of a long way to do it, but should work.

Also based on that error, and with no idea what so ever, it could be the first host key in the file that is the problem so open up the file with vim

vim ~/.ssh/known_hosts

and hit

dd

then save it.

Using ssh-keygen -R hostname will not always work. If you have a newer version of SSH that is "hiding" the hostnames to prevent ssh-agent hijacking, apparently ssh-keygen is unable to unhash the hostname.

For example, I have a host called build-node-01 and I have connected to it and accepted the key. I then rebuild it from scratch, getting a new host fingerprint and I try to reconnect, I will get a warning that there is a conflict on line X (say 3). I run ssh-keygen -R hostname, but the next time I try to connect I still get a warning that there is a conflict. I examined the file only to discover that the hostname was hashed and showed up as [1] Bu4Ch@R@4D0M57uFF instead of a readable hostname.

In this case the only way to successfully get the offending host removed was to use

sed -i 'xd' ~/.ssh/known_hosts

To take this sed one step further, you may wish to make a backup of the known_hosts in case you delete the wrong line, in this case just add a .bak (or any extension) to the -i option to create a backup with that extension. Using ssh-keygen does this automatically.

sed -i.bak 'xd' ~/.ssh/known_hosts

Just to share another clean and easy answer I just found. Removing the hostname is out for me, as the known_hosts file is hashed. However, I COULD manually edit out the host entry based on the line number in the error message. As noted by Mike Scott previously, the offending hostname line number is in the error message.

Or, I can do this. From here: how to fix offending key in ssh known_hosts file

I got this bit of cli magic

sed -i 'xd' ~/.ssh/known_hosts

Replace the x with the line number, and voila. He also offers a perl answer if the sed will not work.

If you want to remove host key for certain ip, then this will help:

ssh-keygen -f "~/.ssh/known_hosts" -R "49.12.89.136"

To remove the offending entry is this

sed -i '/<ipaddr|hostname>/d' ~/.ssh/known_hosts

I cobbled together the below scipt. Just save it as ~/.rmhost

#!/bin/bash

rmhost_help()
{
        echo "Usage rmhost {ipaddr|hostname}"
        echo "          -h      Print this help message"
        exit 0
}
if [ -z $1 ] || [ $1 == "-h" ]; then rmhost_help

fi

sed -i "/$1/d" ~/.ssh/known_hosts

echo "host $1 removed"
exit 0

Then put this alias in ~/.bashrc

alias rmhost=~/.rmhost

When you get the error just type in 'rmhost {ipaddr|hostname}'

This one worked for me. This is the default method shown in the display when tried to add a known host.

ssh-keygen -f "/home/noob/.ssh/known_hosts" -R "172.16.132.132"

Just you have to change the IP address and host file path here.

sed '/10\.20\.120\.211/d' ~/.ssh/known_hosts > temp && mv temp ~/.ssh/known_hosts

In this case, 10.20.120.211 is the host I want to delete from my known_hosts file, make sure you escape the special characters like (.)

You can avoid removing the particular host by updating it:

ssh-keyscan -t ecdsa hostname >> ~/.ssh/known_hosts

This way you don't have to connect again to the host.