My bad, I should have posted the SSH warning, too. The same warning was generated on a Fedora 43 machine (fully patched) and a Ubuntu 24.04.5 machine (fully patched, too).
The odd thing is, I use ed25519 keys. The server sent an ed25519 key, but my SSH client complained about an ecdsa key. I did not take note if ecdsa was used in the past despite having an ed25519 key. Jeff On Fri, Apr 10, 2026 at 8:17 PM Jeffrey Walton <[email protected]> wrote: > > Hi Everyone, > > Please forgive my ignorance... I am running Debian Bookwork on a > Hostinger VPS. I tried to SSH into the machine today, and the host > SSH key change warning snapped due to Strict Host Key Checking. > > My question is, does Debian automatically rotate SSH keys on a server? > > (I don't ever recall reading or seeing an automatic rotation of an SSH > host key. But I wanted to rule it out before I burn the web server to > the ground). > > Thanks in advance. $ ssh cryptopp.com @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ED25519 key sent by the remote host is SHA256:OTLUNQZNIz4A1Cz9/fSEmvyfqxZaGT2xcFcF2yAcYIg. Please contact your system administrator. Add correct host key in /home/jwalton/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/jwalton/.ssh/known_hosts:33 remove with: ssh-keygen -f "/home/jwalton/.ssh/known_hosts" -R "cryptopp.com" Host key for cryptopp.com has changed and you have requested strict checking. Host key verification failed.
