Understanding SSH Host Key Verification Process for Instances with Dynamic and Static IPs
Print
Created by: Keyur Panchal
Modified on: Thu, 14 Sep, 2023 at 12:40 PM
When we access the newly created instance, we have to accept SSH Host Key. So, this article provides a comprehensive understanding of the SSH Host Key verification process when creating instances with both dynamic and static IP addresses.
It shows what happens, in terms of SSH Host Key verification, in various scenarios, when we restart (stop and start) instance, reset instance, and it also shows what to do when potential issue occurs related to IP address allocation.
SSH Host Key Verification Process for Instances with Dynamic IP
This section explains SSH Host Key Verification Process, when we create an instance with Dynamic IP.
There are 2 scenarios, first scenario shows, what happens when we access the instance first-time & also access the instance after restarting it. Second scenario shows, what happens when we access the instance after we perform a 'Reset' from console dashboard.
Scenario 1: First-time Access and Subsequent Restart
Accessing the Instance for the First Time
When accessing an instance with a dynamic IP for the first time, you will be prompted to accept the SSH Host Key. This is a normal security measure to ensure secure communication.
Stopping and Starting the Instance
If you stop and then start (restart) the instance, it will be assigned a new public and private IP address.
When attempting to access the instance again after the restart, you will be asked to accept the SSH Host Key once more. This is not an error and part of the normal workflow due to the change in IP addresses.
Potential IP Address Reuse Issue
In some cases, when you restart (stop & start) the instance, the new public IP address assigned to your instance might have been previously allocated to a different instance you had in the past.
In this case, when you access the instance you will get this error.
So, before you access the instance, you must either remove the old SSH Host Key fingerprint associated with the reused IP or perform another stop and start of the instance.
This process is expected (which is not an error) and is part of the standard procedure to ensure secure connections.
Scenario 2: Resetting the Instance
Accessing the Instance After Reset
If you reset an instance which has a dynamic IP, it will retain the same public and private IP addresses.
Consequently, you will not be prompted to accept the SSH Host Key again when accessing the instance after ‘Reset’.
SSH Host Key Verification Process for Instances with Static IP
This section explains SSH Host Key Verification Process, when we create an instance with Static IP.
There are 2 scenarios, first scenario shows, what happens when we access the instance first-time & also access the instance after restarting it. Second scenario shows, what happens when we access the instance after we perform a 'Reset' from console dashboard.
Scenario 1: First-time Access and Subsequent Restart
Accessing the Instance for the First Time
When accessing an instance with a static IP for the first time, the SSH Host Key acceptance prompt will appear, which is a standard security measure.
Stopping and Starting the Instance
When you stop and then start (restart) the instance, the public IP address will remain the same, while the private IP address will be reassigned.
Accessing the instance after this restart will not require you to accept the SSH Host Key again, as the public IP remains unchanged.
Scenario 2: Resetting the Instance
Accessing the Instance After Reset
If you reset an instance which has a static IP, it will retain the same public and private IP addresses.
Therefore, accessing the instance after a reset will not trigger the SSH Host Key acceptance process.
Summary
Dynamic IP Instances
Stopping and starting a dynamic IP instance results in new public and private IP addresses.
SSH Host Key acceptance will be required again due to the IP address change.
Reusing a previously assigned public IP may necessitate the removal of the old fingerprint or an additional stop and start.
Static IP Instances
Stopping and starting a static IP instance retains the public IP but changes the private IP.
SSH Host Key acceptance is not required again after a restart.
Resetting a static IP instance maintains both the public and private IPs and doesn't trigger SSH Host Key acceptance.
Keyur is the author of this solution article.
Did you find it helpful?
Yes
No
Send feedback Sorry we couldn't be helpful. Help us improve this article with your feedback.