By alex11
Hi folks, I am getting a “The authenticity of host can’t be established” error when I try to ssh into my droplet. I’be searched and found answers saying that this is standard for NEW machines, but I have been logging into this droplet, at this ip address, from this same desktop, using this ssh key, for several months. So I’m curious what this means that this is happening now, whether I should be concerned about security here, and what I should do to get connected again.
To my knowledge, I haven’t made any changes to the droplet or to my ssh setup in between this change occurring.
Here is the exact output, anonymised slightly.
The authenticity of host 'my_ip_address (my_ip_address)' can't be established.
ECDSA key fingerprint is SHA256:string_of_letters_and_numbers.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hello, @alex11
Can you check if the ssh key is not changed in the Digital Ocean control panel by any chance?
If you’re seeing this message, then either the server has been reconfigured with a new key, or someone is spoofing the server’s identity. Due to the seriousness of a man-in-the-middle attack, it’s warning you about the possibility.
Let me know how it goes.
Hi @ageorgiev - thanks for the info -
The ssh key doesn’t seem to be changed in the DigitalOcean control panel afaict - I found two public keys, with names I remember uploading, in the Security panel of my Account section in the control panel. The fingerprints of those public keys match the fingerprints of the keys on my machine I’m trying to connect from.
In the message I quoted above, when it gives me
ECDSA key fingerprint is SHA256:string_of_letters_and_numbers.
the fingerprint given there does not match any of my keys, if that is relevant.
FWIW the “Security History” section on my console only shows logins to the console from my home ip address, going back to when the account was created.
I’m very curious about any thoughts about what I should look at next
So this is for any other person having the same issue. It’s quite straightforward:
When this prompt is returned, it’s simply saying it doesn’t recognise this ip address i.e. it’s not part of your known_host.
Copy the key provided here ECDSA key fingerprint is SHA256:string_of_letters_and_numbers.
And paste it where it’s asking for yes or no or fingerprint Are you sure you want to continue connecting (yes/no/[fingerprint])? SHA256:string_of_letters_and_numbers.
And hit enter. This will add the ip address to known_host then you can ssh into it, with cmd or bash or vscode remote ssh functionality
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.