Version 5 (modified by Jack Aponte, 12 years ago) (diff)

Added information on how to fix the problem on a Mac.

I'm getting a scary message when I try to login to my account using secure shell or secure FTP

When you try to secure shell (ssh) or secure FTP to our servers, you may get a message along the lines of:

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.

The reason you may be getting this message is because May First/People Link has changed the "host keys" for most of our servers due to a security problem discovered in the program used to generate the keys.

To find out the correct, current "fingerprint" of our servers, please see our fingerprints page.

Making the error message go away

Using linux

You will need to edit your ~/.ssh/known_hosts file. The error message should specify the line number of the "offending" key. Simply delete that line in the file and try again.

Using Windows

You should see the new fingerprint. Confirm that it is correct and then select the option to save this key permanently.

Using Macintosh

Similarly to Linux, you will need to edit your ~/.ssh/known_hosts file. The error message will specify the line number of the "offending" key; for example,

Offending key in /Users/Jack/.ssh/known_hosts:26

Here, 26 is the line number of the "offending" key. Edit ~/.ssh/known_hosts and delete the line. To do this using the vim text editor, type the following at the prompt in Terminal:

vi ~/.ssh/known_hosts

When the file opens, type


replacing "26" with your offending line number to jump to that line in the file. The name or IP address of the server you were trying to connect to should appear at the beginning of this line. Type


to delete the line, then type


to save your changes and quit. Then, try to connect to the server again. You'll likely get a message saying that the authenticity of the host cannot be established; type "yes" to continue connecting and the new host key will be saved into your known_hosts file.

What are host keys?

Host keys are random bits of text that are unique to every server. The randomness of the keys allows us to have a secure, encrypted connection between you and the server.