The authenticity of host can't be established - Not new machine or SSH key

Hi folks, I am getting a “The authenticity of host can’t be established” error when I try to ssh into my droplet. I’ve searched and found answers saying that this is standard for NEW machines, but I have been logging into this droplet, at this ip address, from this same desktop, using this ssh key, for several months. So I’m curious what this means that this is happening now, whether I should be concerned about security here, and what I should do to get connected again.

To my knowledge, I haven’t made any changes to the droplet or to my ssh setup in between this change occurring.

Here is the exact output, anonymised slightly.

The authenticity of host 'my_ip_address (my_ip_address)' can't be established.
ECDSA key fingerprint is SHA256:string_of_letters_and_numbers.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Hello, @alex11

Can you check if the ssh key is not changed in the DigitalOcean control panel by any chance?

If you’re seeing this message, then either the server has been reconfigured with a new key, or someone is spoofing the server’s identity. Due to the seriousness of a man-in-the-middle attack, it’s warning you about the possibility.

Let me know how it goes.

So this is for any other person having the same issue. It’s quite straightforward:

When this prompt is returned, it’s simply saying it doesn’t recognise this ip address, i.e. it’s not part of your known_hosts.

Copy the key provided here: ECDSA key fingerprint is SHA256:string_of_letters_and_numbers.

And paste it where it’s asking for yes or no or fingerprint: Are you sure you want to continue connecting (yes/no/[fingerprint])? SHA256:string_of_letters_and_numbers.

And hit enter. This will add the ip address to known_hosts, then you can ssh into it with cmd or bash or vscode remote ssh functionality.

Hi @ageorgiev - thanks for the info -

The ssh key doesn’t seem to be changed in the DigitalOcean control panel afaict - I found two public keys, with names I remember uploading, in the Security panel of my Account section in the control panel. The fingerprints of those public keys match the fingerprints of the keys on my machine I’m trying to connect from.

In the message I quoted above, when it gives me

ECDSA key fingerprint is SHA256:string_of_letters_and_numbers.

the fingerprint given there does not match any of my keys, if that is relevant.

FWIW the “Security History” section on my console only shows logins to the console from my home ip address, going back to when the account was created.

I’m very curious about any thoughts about what I should look at next.
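
Added example, not part of any post in this thread: the fingerprint in the prompt belongs to the server's host key, which ssh looks up in the client's known_hosts file. This Python sketch classifies an offered fingerprint against known_hosts text, including hashed `|1|salt|mac` host fields. The function names, addresses and key blobs are constructed for illustration.

```python
import base64
import hashlib
import hmac

def fingerprint(key_b64):
    """SHA256 fingerprint in the format the ssh prompt prints, from a base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """True if a known_hosts host field names host (plain list or hashed |1|salt|mac)."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")  # wildcard and negated patterns are not handled

def classify(known_hosts_text, host, key_type, offered_fp):
    """Return 'match', 'changed', 'other-type-only' or 'unknown' for an offered host key."""
    mismatch = other_types = False
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # blanks, comments, @cert-authority / @revoked lines
        if not host_matches(parts[0], host):
            continue
        if parts[1] != key_type:
            other_types = True   # host is listed, but with a different key type
        elif fingerprint(parts[2]) == offered_fp:
            return "match"
        else:
            mismatch = True      # same host and key type, different key
    if mismatch:
        return "changed"
    return "other-type-only" if other_types else "unknown"

# Constructed sample data: placeholder blobs, not real host keys.
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()

def hashed_field(host, salt=b"constructed-salt-20b"):
    """Build a hashed host field the way HashKnownHosts stores it (HMAC-SHA1)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

SAMPLE = "\n".join([
    "203.0.113.10 ssh-ed25519 " + KEY_A,
    hashed_field("203.0.113.20") + " ecdsa-sha2-nistp256 " + KEY_B,
])

if __name__ == "__main__":
    for h in ("203.0.113.10", "203.0.113.20", "203.0.113.99"):
        print(h, classify(SAMPLE, h, "ecdsa-sha2-nistp256", fingerprint(KEY_B)))
```

A fingerprint to compare against can be read on the server itself, for example from the provider's web console, with `ssh-keygen -lf` on the host's public key file.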