What’s a Host Key, and why did it change?

The first time you connect to a server via SSH or SFTP, we keep a local copy of the key the server uses to identify itself. This way we can verify on future connections that the server we’re connecting to is the same one we’ve connected to before. Without host key verification, we’d be vulnerable to man-in-the-middle attacks.

If Transmit warns you that the host key has changed, it means this server’s key is different from the key we stored the first time we connected to this server. Some web servers rotate host keys each time you connect, like GoDaddy. If this is unexpected, you should reject the changed key, cease connecting to this server, and contact your server administrator.

Last updated June 5, 2018