
I have a PHP script on my local box that connects to a remote box. Nothing on the remote box changed. And when I connect via the command line, using the ssh command in a terminal, there is no change in the fingerprint. However, a PHP script where I have stored the fingerprint to check it for security generated an error that the fingerprints did not match.

The relevant line of PHP code that retrieves the fingerprint is:

$fingerprint=ssh2_fingerprint($session, SSH2_FINGERPRINT_SHA1);

This is retrieving a different fingerprint after the upgrade, from what it did before, when I was running PHP 7.2 on Ubuntu 18. I am now running PHP 8.1. The script is generating no errors, warnings, or notices, even when I set the configuration to display everything, and it was not generating any under the old version either.

I can obviously update the fingerprint, but I would like to understand why this fingerprint has changed because it makes no sense to me and I cannot think of any explanation for why it would have changed when the connection from the terminal shows no change.

1 Answer

This is probably related to OpenSSH changing the default signature algorithm from ECDSA to ED25519 in version 8.5 (released on 2021-03-03).

Here is a quote from the OpenSSH 8.5 release log:

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh(1), sshd(8): this release changes the first-preference signature
   algorithm from ECDSA to ED25519.

I think this will be interesting to you: What can cause a changed ssh fingerprint?

  • My upgrade spanned the pre-8.5 to post-8.5 break so this explains why the fingerprint stored in the PHP script was off. Now I am curious though: why was there no issue when connecting via the command line? Perhaps something, somewhere had specified the algorithm (I never set it manually) when ssh was used from a terminal?
    – cazort
    Commented Oct 30, 2023 at 13:33
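
Added example (not part of the original question or answers): an SSH server holds one host key per algorithm, and a fingerprint is a hash of whichever public key blob the session negotiated, so a pin taken from one key type fails against another even though no key was replaced. This Python sketch checks a stored SHA-1 pin against every host key in `ssh-keyscan`-style output to tell that case apart from a genuinely changed key; the host name, key bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data

def blob_key_type(blob: bytes) -> str:
    """Read the algorithm name stored as the first string of a public key blob."""
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")

def parse_keyscan(text: str) -> dict:
    """Parse 'host keytype base64' lines into {keytype: raw public key blob}."""
    keys = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        blob = base64.b64decode(parts[2], validate=True)
        if blob_key_type(blob) != parts[1]:
            raise ValueError(f"declared type {parts[1]} does not match key blob")
        keys[parts[1]] = blob
    return keys

def sha1_hex(blob: bytes) -> str:
    """SHA-1 over the key blob, upper-case hex (case is normalised on compare)."""
    return hashlib.sha1(blob).hexdigest().upper()

def explain_mismatch(pinned_sha1: str, presented_type: str, keys: dict) -> str:
    """Say whether a pin matches the presented key, another key type, or none."""
    pin = pinned_sha1.replace(":", "").upper()
    if sha1_hex(keys[presented_type]) == pin:
        return "match"
    for ktype, blob in keys.items():
        if sha1_hex(blob) == pin:
            return f"pin belongs to {ktype}; session presented {presented_type}"
    return "pin matches no host key: treat as a changed host key"

# Constructed sample keys: arbitrary bytes in the right layout, not real keys.
ED = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
EC = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
      + ssh_string(b"\x04" + bytes(range(64))))
SAMPLE = "\n".join(f"example.test {blob_key_type(b)} {base64.b64encode(b).decode()}"
                   for b in (EC, ED))
```

If the pin matches none of the server's keys, do not simply overwrite it; verify the new fingerprint through a separate trusted channel first.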
