Are droplet SSH fingerprints ever administratively recomputed?

I just ssh’d into a droplet to upgrade the metrics agent, and noticed I needed to do a package upgrade. The upgrade failed a couple times (error “FATAL -> Failed to fork.”), so I rebooted the droplet. After reboot, the SSH fingerprint for the droplet had changed! Accessing the droplet console through the web UI shows the updated fingerprint as well, but why did it change? Was there some administrative event I missed?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer


I’ve seen this a few times and it was caused by one of the following:

  • After the reboot, your server removed an old ciphersuite.

  • Connecting to the same server using a different hostname.

  • The server IP has changed. This might not be the case for you unless you restored a snapshot of your droplet.

Regards, Bobby