After a distribution upgrade of Ubuntu you might experience a Host key verification error if you try to connect to the server via ssh or sftp.
Be aware that a Host key verification error is always suspicious. Proceed only if you're sure that you're not falling for a man-in-the-middle attack.
If you're not sure, ask the Operations-Team at makandra to verify the current host key.
To completely remove the old host key on the client run:
```
# remove host entry
ssh-keygen -f "$HOME/.ssh/known_hosts" -R appserver.makandra.de
# remove IP entry
ssh-keygen -f "$HOME/.ssh/known_hosts" -R $(getent hosts appserver.makandra.de | cut -d ' ' -f 1)
# Connect and accept new fingerprint
ssh appserver.makandra.de
The authenticity of host 'appserver.makandra.de (213.179.144.92)' can't be established.
ED25519 key fingerprint is SHA256:a3W73tq+k/GPNFoSwzTEO8U5F8vMh5z5Eu+2lZY15FI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
```
The reason for this is that OpenSSH uses different host key types, depending on the installed version and configuration.
On first connection your SSH client stores the currently provided host key (and type) in your known_hosts file.
When the server stops providing that locally stored host key you get a mismatch and need to trust the alternative host key.
- 20.04 – focal
  - OpenSSH 8.2
  - first-preference signature algorithm: ECDSA
- 22.04 – jammy
  - OpenSSH 8.9
  - first-preference signature algorithm: ED25519
- 24.04 – noble
  - OpenSSH 9.6
  - first-preference signature algorithm: ED25519
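Before answering the fingerprint prompt, the offered key can be checked against the fingerprint the Operations team confirmed. The following is an added example, not part of the original card: it recomputes the `SHA256:` fingerprint from a `host keytype base64` line (the plain known_hosts / `ssh-keyscan` format, without markers or hashed host names) and compares it. The host name `appserver.example`, the function names and the key material are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_host_key_line(line):
    """Split a 'host keytype base64blob' line and check its internal consistency."""
    host, declared_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The key blob starts with a length-prefixed string naming the key type.
    (n,) = struct.unpack(">I", blob[:4])
    embedded_type = blob[4:4 + n].decode("ascii")
    if embedded_type != declared_type:
        raise ValueError("declared key type does not match key blob")
    return host, declared_type, blob


def sha256_fingerprint(blob):
    """Fingerprint as OpenSSH prints it: SHA256:<unpadded base64 of the digest>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def offered_key_matches(line, expected_fingerprint):
    """True only if the offered key hashes to the fingerprint verified out-of-band."""
    _, _, blob = parse_host_key_line(line)
    return sha256_fingerprint(blob) == expected_fingerprint.strip()


def make_constructed_line(host, seed):
    """Build a constructed (not real) ssh-ed25519 host key line for the demo."""
    name = b"ssh-ed25519"
    raw = hashlib.sha256(seed).digest()  # 32 placeholder bytes, not a usable key
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode('ascii')}"


if __name__ == "__main__":
    offered = make_constructed_line("appserver.example", b"constructed demo key")
    # Stands in for the fingerprint obtained from the Operations team.
    trusted = sha256_fingerprint(parse_host_key_line(offered)[2])
    print(trusted, offered_key_matches(offered, trusted))
    unexpected = make_constructed_line("appserver.example", b"unexpected key")
    print(offered_key_matches(unexpected, trusted))
```

At the `(yes/no/[fingerprint])` prompt, pasting the verified fingerprint instead of typing `yes` makes ssh perform the same comparison and refuse on a mismatch.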