On Fri, Apr 10, 2026 at 20:37:02 -0400, Jeffrey Walton wrote:
> > My question is, does Debian automatically rotate SSH keys on a server?

No, it doesn't.

> > Please forgive my ignorance... I am running Debian Bookworm on a
> > Hostinger VPS.

I'm not familiar with this company, but in general, hosting providers
(VPS or otherwise) very often introduce changes of their own. So, it's
conceivable that Hostinger may have added something that would cause
the SSH host keys to change.

> The odd thing is, I use ed25519 keys. The server sent an ed25519 key,
> but my SSH client complained about an ecdsa key. I did not take note
> if ecdsa was used in the past despite having an ed25519 key.

If I had to guess...

> $ ssh cryptopp.com
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ED25519 key sent by the remote host is
> SHA256:OTLUNQZNIz4A1Cz9/fSEmvyfqxZaGT2xcFcF2yAcYIg.
> Please contact your system administrator.
> Add correct host key in /home/jwalton/.ssh/known_hosts to get rid of
> this message.
> Offending ECDSA key in /home/jwalton/.ssh/known_hosts:33 ...

I would guess that the host originally had only ECDSA and RSA keys, and
the ed25519 key was added later. Possibly upon a reboot, because it's
extremely common for systems to have scripts that generate missing SSH
host keys during boot.

If you log in, you might look at the timestamps on the /etc/ssh/*_host_*
files, and see whether they were changed/created recently.

It's also possible that something malicious is occurring, but so far you
haven't provided enough evidence to prove that.
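The timestamp check suggested in the message above, as an added example that is not part of the original message or of any Debian or OpenSSH tooling: run on the server, it lists each host public key with its modification time and SHA256 fingerprint, and marks the one that equals the fingerprint printed in the client's warning. The function names, the 30-day "recent" window, and the assumption that the public keys are the `*_host_*.pub` files under `/etc/ssh` are choices made for this example.

```python
#!/usr/bin/env python3
"""Added example: report SSH host public keys with fingerprint and mtime."""
import base64
import glob
import hashlib
import os
import sys
import time


def fingerprint(blob_b64):
    """SHA256 fingerprint in the form ssh prints: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_report(ssh_dir="/etc/ssh", client_fp=None, recent_days=30, now=None):
    """Return one dict per *_host_*.pub file in ssh_dir, sorted by path."""
    now = time.time() if now is None else now
    rows = []
    for path in sorted(glob.glob(os.path.join(ssh_dir, "*_host_*.pub"))):
        with open(path) as fh:
            fields = fh.read().split()
        if len(fields) < 2:
            continue  # not a "<type> <base64-blob> [comment]" line
        mtime = os.stat(path).st_mtime
        fp = fingerprint(fields[1])
        rows.append({
            "path": path,
            "type": fields[0],
            "fingerprint": fp,
            "mtime": mtime,
            # assumption for this example: "recent" means within recent_days
            "recent": (now - mtime) <= recent_days * 86400,
            "matches_client": client_fp is not None and fp == client_fp,
        })
    return rows


if __name__ == "__main__":
    # Optional argument: the SHA256:... fingerprint from the client's warning.
    seen = sys.argv[1] if len(sys.argv) > 1 else None
    for r in host_key_report(client_fp=seen):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(r["mtime"]))
        flags = "  RECENT" if r["recent"] else ""
        flags += "  MATCHES-CLIENT" if r["matches_client"] else ""
        print(f'{stamp}  {r["type"]:<20} {r["fingerprint"]}{flags}')
```

A key file that is both recent and matches the client's fingerprint fits the "generated at boot" guess; a client fingerprint that matches no file on the server does not.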

