Understanding SSH Host Key Verification Process for Instances with Dynamic and Static IPs : Genesis Cloud

When we access the newly created instance, we have to accept SSH Host Key. So, this article provides a comprehensive understanding of the SSH Host Key verification process when creating instances with both dynamic and static IP addresses.

It shows what happens, in terms of SSH Host Key verification, in various scenarios, when we restart (stop and start) instance, reset instance, and it also shows what to do when potential issue occurs related to IP address allocation.

SSH Host Key Verification Process for Instances with Dynamic IP

This section explains SSH Host Key Verification Process, when we create an instance with Dynamic IP.

There are 2 scenarios, first scenario shows, what happens when we access the instance first-time & also access the instance after restarting it. Second scenario shows, what happens when we access the instance after we perform a 'reset' from console dashboard.

Scenario 1: First-time Access and Subsequent Restart

Accessing the Instance for the First Time
- When accessing an instance with a dynamic IP for the first time, you will be prompted to accept the SSH Host Key. This is a normal security measure to ensure secure communication.
Stopping and Starting the Instance
- If you stop and then start (restart) the instance, it will be assigned a new public and private IP address.
- When attempting to access the instance again after the restart, you will be asked to accept the SSH Host Key once more. This is not an error and part of the normal workflow due to the change in IP addresses.
Potential IP Address Reuse Issue
- In some cases, when you restart (stop & start) the instance, the new public IP address assigned to your instance might have been previously allocated to a different instance you had in the past.
- In this case, when you access the instance you will get this error.
  Error if your IP has been used previously
- So, before you access the instance, you must either remove the old SSH Host Key fingerprint associated with the reused IP or perform another stop and start of the instance.
- This process is expected (which is not an error) and is part of the standard procedure to ensure secure connections.

Scenario 2: Resetting the Instance

Accessing the Instance After Reset
- If you reset an instance which has a dynamic IP, it will retain the same public and private IP addresses.
- Consequently, you will not be prompted to accept the SSH Host Key again when accessing the instance after ‘Reset’.

SSH Host Key Verification Process for Instances with Static IP

This section explains SSH Host Key Verification Process, when we create an instance with Static IP.

There are 2 scenarios, first scenario shows, what happens when we access the instance first-time & also access the instance after restarting it. Second scenario shows, what happens when we access the instance after we perform a 'Reset' from console dashboard.

Scenario 1: First-time Access and Subsequent Restart

Accessing the Instance for the First Time
- When accessing an instance with a static IP for the first time, the SSH Host Key acceptance prompt will appear, which is a standard security measure.
Stopping and Starting the Instance
- When you stop and then start (restart) the instance, the public IP address will remain the same, while the private IP address will be reassigned.
- Accessing the instance after this restart will not require you to accept the SSH Host Key again, as the public IP remains unchanged.

Scenario 2: Resetting the Instance

Accessing the Instance After Reset
- If you reset an instance which has a static IP, it will retain the same public and private IP addresses.
- Therefore, accessing the instance after a reset will not trigger the SSH Host Key acceptance process.

Summary

Dynamic IP Instances
- Stopping and starting a dynamic IP instance results in new public and private IP addresses.
- SSH Host Key acceptance will be required again due to the IP address change.
- Reusing a previously assigned public IP may necessitate the removal of the old fingerprint or an additional stop and start.
Static IP Instances
- Stopping and starting a static IP instance retains the public IP but changes the private IP.
- SSH Host Key acceptance is not required again after a restart.
- Resetting a static IP instance maintains both the public and private IPs and doesn't trigger SSH Host Key acceptance.

Understanding SSH Host Key Verification Process for Instances with Dynamic and Static IPs Print

When we access the newly created instance, we have to accept SSH Host Key. So, this article provides a comprehensive understanding of the SSH Host Key verification process when creating instances with both dynamic and static IP addresses.

It shows what happens, in terms of SSH Host Key verification, in various scenarios, when we restart (stop and start) instance, reset instance, and it also shows what to do when potential issue occurs related to IP address allocation.

SSH Host Key Verification Process for Instances with Dynamic IP

Scenario 1: First-time Access and Subsequent Restart

Accessing the Instance for the First Time

When accessing an instance with a dynamic IP for the first time, you will be prompted to accept the SSH Host Key. This is a normal security measure to ensure secure communication.

Stopping and Starting the Instance

If you stop and then start (restart) the instance, it will be assigned a new public and private IP address.

When attempting to access the instance again after the restart, you will be asked to accept the SSH Host Key once more. This is not an error and part of the normal workflow due to the change in IP addresses.

Potential IP Address Reuse Issue

In some cases, when you restart (stop & start) the instance, the new public IP address assigned to your instance might have been previously allocated to a different instance you had in the past.

In this case, when you access the instance you will get this error.Error if your IP has been used previously

Error if your IP has been used previously

So, before you access the instance, you must either remove the old SSH Host Key fingerprint associated with the reused IP or perform another stop and start of the instance.

So, before you access the instance, you must either remove the old SSH Host Key fingerprint associated with the reused IP or perform another stop and start of the instance.

This process is expected (which is not an error) and is part of the standard procedure to ensure secure connections.

This process is expected (which is not an error) and is part of the standard procedure to ensure secure connections.

Scenario 2: Resetting the Instance

Accessing the Instance After Reset

If you reset an instance which has a dynamic IP, it will retain the same public and private IP addresses.

Consequently, you will not be prompted to accept the SSH Host Key again when accessing the instance after ‘Reset’.

SSH Host Key Verification Process for Instances with Static IP

Scenario 1: First-time Access and Subsequent Restart

Accessing the Instance for the First Time

When accessing an instance with a static IP for the first time, the SSH Host Key acceptance prompt will appear, which is a standard security measure.

Stopping and Starting the Instance

When you stop and then start (restart) the instance, the public IP address will remain the same, while the private IP address will be reassigned.

Accessing the instance after this restart will not require you to accept the SSH Host Key again, as the public IP remains unchanged.

Scenario 2: Resetting the Instance

Accessing the Instance After Reset

If you reset an instance which has a static IP, it will retain the same public and private IP addresses.

Therefore, accessing the instance after a reset will not trigger the SSH Host Key acceptance process.

Summary

Dynamic IP Instances

Stopping and starting a dynamic IP instance results in new public and private IP addresses.

SSH Host Key acceptance will be required again due to the IP address change.

Reusing a previously assigned public IP may necessitate the removal of the old fingerprint or an additional stop and start.

Static IP Instances

Stopping and starting a static IP instance retains the public IP but changes the private IP.

SSH Host Key acceptance is not required again after a restart.

Resetting a static IP instance maintains both the public and private IPs and doesn't trigger SSH Host Key acceptance.

Related Articles

In this case, when you access the instance you will get this error.
Error if your IP has been used previously