Changed SSH fingerprint after upgrade to 23.05.3

Hi there,
I have upgraded my system to the latest release version (on a FritzBox 4040 device) via the LuCI web interface.

After the upgrade, I wanted to use an SSH connection (I have been using it for years), and my system shows a known-host issue.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
.....

I have been using the same hardware configuration (my laptop for configuring, and the FritzBox 4040 with OpenWrt) for years. I do upgrades regularly, and never had an issue with the SSH login.

I want to verify the new fingerprint. How can I look up the SSH fingerprint via the LuCI web interface?

I don't want to just change the known-hosts file without proper verification!

Did you do the upgrade with saved settings? What kind of known host key is saved and what kind of key are you offered?
Sorry, never mind, it's there. It's RSA. But could it be that the length of the key has changed?

If you did not keep settings across the upgrade, or if you had connected to another device at this address at some point in the past (such as another OpenWrt device, or even the same one with a previous configuration that had been reset since you last connected via ssh), this is expected. You can simply ignore the warning and delete the current key and then accept the new one.

I don't think that LuCI has a way to do that. If you have serial or some other sufficiently trusted way to log into the router CLI and know it is your router, you can then ssh to itself and see the fingerprint.

RSA host keys are deprecated so at some point in the upgrade cycle you should generate an ED25519 host key and trust it.
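The out-of-band check suggested above, as an added example that is not part of the original thread: it computes the OpenSSH-style SHA256 fingerprint of a public-key line read on the router's CLI over a trusted channel, compares it with the key line offered over the network (for instance `ssh-keyscan` output), and reports which known_hosts entries for the host are stale. The address 192.168.1.1, the helper names and the sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def parse_pubkey(line):
    """Return (key_type, blob) from a public-key line or a known_hosts entry."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob starts with a length-prefixed copy of the key type.
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no public key in line")

def fingerprint(line):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(parse_pubkey(line)[1]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(trusted_line, offered_line, known_hosts_text, host):
    """Compare the console-read key with the network-offered key and list the
    plain (unhashed) known_hosts entries for host that no longer match."""
    trusted = fingerprint(trusted_line)
    stale = []
    for entry in known_hosts_text.splitlines():
        fields = entry.split()
        if len(fields) >= 3 and host in fields[0].split(","):
            if fingerprint(entry) != trusted:
                stale.append(fields[1])
    return {"match": fingerprint(offered_line) == trusted,
            "fingerprint": trusted, "stale_types": stale}

def sample_line(key_type, key_bytes, host="", comment=""):
    """Build a constructed key line (placeholder bytes, not a real host key)."""
    wire = lambda b: struct.pack(">I", len(b)) + b
    b64 = base64.b64encode(wire(key_type.encode()) + wire(key_bytes)).decode()
    return " ".join(filter(None, [host, key_type, b64, comment]))

if __name__ == "__main__":
    host = "192.168.1.1"  # assumed router address
    console = sample_line("ssh-ed25519", bytes(range(32)), comment="root@OpenWrt")
    offered = sample_line("ssh-ed25519", bytes(range(32)), host=host)
    old = sample_line("ssh-rsa", b"\x07" * 64, host=host)
    print(check_host_key(console, offered, old, host))
```

Only when `match` is true should the stale entries be deleted and the new key accepted; a false result means the key seen on the network is not the one the router itself reports.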

I have kept all settings (definitely!).
Don't know what happened. I made sure to connect the device only by LAN cable with all other connections disconnected. Changed to ED25519.

Thanks for the fast replies!

Key changed. Go to user -> .ssh -> open known_hosts and delete the entry for that IP.
