The authenticity of host can't be established - Not new machine or SSH key

September 27, 2019 143 views
Linux Basics Security DigitalOcean

Hi folks, I am getting a “The authenticity of host can’t be established” error when I try to ssh into my droplet. I'be searched and found answers saying that this is standard for NEW machines, but I have been logging into this droplet, at this ip address, from this same desktop, using this ssh key, for several months. So I’m curious what this means that this is happening now, whether I should be concerned about security here, and what I should do to get connected again.

To my knowledge, I haven’t made any changes to the droplet or to my ssh setup in between this change occurring.

Here is the exact output, anonymised slightly.

The authenticity of host 'my_ip_address (my_ip_address)' can't be established.
ECDSA key fingerprint is SHA256:string_of_letters_and_numbers.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
1 comment
2 Answers

Hello, @alex11

Can you check if the ssh key is not changed in the Digital Ocean control panel by any chance?

If you’re seeing this message, then either the server has been reconfigured with a new key, or someone is spoofing the server’s identity. Due to the seriousness of a man-in-the-middle attack, it’s warning you about the possibility.

Let me know how it goes.

Hi @ageorgiev - thanks for the info -

The ssh key doesn’t seem to be changed in the DigitalOcean control panel afaict - I found two public keys, with names I remember uploading, in the Security panel of my Account section in the control panel. The fingerprints of those public keys match the fingerprints of the keys on my machine I’m trying to connect from.

In the message I quoted above, when it gives me

ECDSA key fingerprint is SHA256:string_of_letters_and_numbers.

the fingerprint given there does not match any of my keys, if that is relevant.

FWIW the “Security History” section on my console only shows logins to the console from my home ip address, going back to when the account was created.

I’m very curious about any thoughts about what I should look at next

Have another answer? Share your knowledge.