Hi, On Fri, Apr 10, 2026 at 10:29:42PM -0400, Greg Wooledge wrote: > On Fri, Apr 10, 2026 at 20:37:02 -0400, Jeffrey Walton wrote: > > $ ssh cryptopp.com > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > > It is also possible that a host key has just been changed. > > The fingerprint for the ED25519 key sent by the remote host is > > SHA256:OTLUNQZNIz4A1Cz9/fSEmvyfqxZaGT2xcFcF2yAcYIg. > > Please contact your system administrator. > > Add correct host key in /home/jwalton/.ssh/known_hosts to get rid of > > this message. > > Offending ECDSA key in /home/jwalton/.ssh/known_hosts:33 > > ... I would guess that the host originally had only ECDSA and RSA > keys, and the ed25519 key was added later. Possibly upon a reboot, > because it's extremely common for systems to have scripts that > generate missing SSH host keys during boot.
I was thinking that, and I have had that sort of thing happen before, but the practical effect of that happening is that you get the "unknown host key" message, because it is literally a new host key type that you have never seen before. In this case, Jeffrey's host key has changed from some earlier time, and I don't know how that would happen. Unless perhaps Jeffrey had an earlier incarnation of this host, where he knew it by its ED25519 host key, then he reinstalled it and (only) knew the new one by its ECDSA host key, but then it (as part of a package upgrade or similar) decided to offer a (new) ED25519 host key that now does not match the old one that Jeffrey's clients still know. Anyway, there is nothing in Debian that changes existing host keys. While a hosting provider can do anything of course, messing with SSH host keys always causes support burden so it is generally avoided. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
