Mac – How to fix warning about ECDSA host key

We have this seen this happen more than a few times with our Mac customers using their built-in SSH CLI client utility.

This is a client-side issue, and is generated when your client connects to different servers using the same AWS IP address.

For example, say you spin up aMiSTACX for Magento with EIP Address: 32. 32. 1. 5 and connect via SSH for the first time.

You will cache a fingerprint to the local Mac SSH client.

Then you decide to switch the AWS EIP to another server, and establish another SSH connection.

[For WinSCP user’s you get a simple Yes/No warning about the Fingerprint.]

For MACs with a certain security setting [Strict SSH Checking] you will need to clear the fingerprint from the previous connection.

Remove the cached key for the IP address on the local machine as follows:

ssh-keygen -R {AWS IP ADDRESS}

e.g. ssh-keygen -R

and then just try the connection again:

ssh -i path/to/AWSAccessKey.pem [email protected]


ssh -i “AWSAccessKey.pem” [email protected]

Should be success? What can I say – it’s a Mac.



Comments are closed.