Are droplet SSH fingerprints ever administratively recomputed?

October 10, 2019 588 views
DigitalOcean Accounts

I just ssh’d into a droplet to upgrade the metrics agent, and noticed I needed to do a package upgrade. The upgrade failed a couple times (error “FATAL -> Failed to fork.”), so I rebooted the droplet. After reboot, the SSH fingerprint for the droplet had changed! Accessing the droplet console through the web UI shows the updated fingerprint as well, but why did it change? Was there some administrative event I missed?

1 Answer


I’ve seen this a few times and it was caused by one of the following:

  • After the reboot, your server removed an old ciphersuite.

  • Connecting to the same server using a different hostname.

  • The server IP has changed. This might not be the case for you unless you restored a snapshot of your droplet.


Have another answer? Share your knowledge.