What’s a Host Key, and why did it change?

The first time you connect to a server via SSH or SFTP, we keep a local copy of the key the server uses to identify itself. On future connections, we can use this key verify to that the server we’re connecting to is the same one we’ve connected to before. Without host key verification, we’d be vulnerable to man-in-the-middle attacks.

If Nova or Transmit warns you that the host key has changed, it means this server’s key is different from the key we stored when we first connected to this server. Some web servers rotate host keys each time you connect, like GoDaddy. If this is unexpected, you should reject the changed key, cease connecting to this server, and contact your server administrator.