[2019] Remote Host Identification / SSH
»Most of hosted and remotely managed Aegir systems will receive security update during upgrade to BOA-4.0.0-prod, which will affect your access via SSH and SFTP, and you will be presented with the alarming warning shown below. But there is nothing to worry about. For security reasons, we are updating OpenSSH configuration and we will intentionally re-generate all server-side keys to improve your account security. It’s possible that we will do this again in the future, but it’s very rare inconvenience — last time we did this on June 09, 2016
$ ssh [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:MbkMc1Cv/JlnnUAcVPL5fRzkc0cfd9FPkGReplmJ16o.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user/.ssh/known_hosts:51
ED25519 host key for my.host has changed and you have requested strict checking.
Host key verification failed.
»How to remove/fix this warning? You can either edit the ~/.ssh/known_hosts
file on your computer and remove only the offending line (51 in the example above), or if you have just one or two entries in this file, just delete it, so it will be re-generated on the next SSH login attempt. NOTE: you need to do this also on all remote systems which connect to your account(s) over SSH once the BOA-4.0.0-prod update is applied to your BOA instance.