You try to SSH to a VM in Google Compute Engine, and get “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!”

For your GCE, Google changes the host SSH keys on automated updates and other events. So, you’ll get that “CHANGED!” warning a lot. Whether a human or an n automated script is SSH-ing to the instances, you will want to get rid of it.

Fixes:

  • Dangerous but works: Ignore the known_hosts SSH keys’ signature with ssh -o StrictHostKeyChecking=no .
  • Better: Let Google manage SSH keys for you in Metadata. GCP’s IAM system keeps everything safe; you don’t have to keep track yourself.
  • Best: OS Login for even more automation and less key-tracking. Add a user’s keys for access to all GCE instances project-wide or just to one instance.