When logging into the Identity Router via SSH, the error message "Host key verification failed" is displayed and login to the Identity Router is not complete. Below is a screenshot of the full error message:
The occurrence of the "REMOTE HOST IDENTIFICATION HAS CHANGED" issue is caused by a change in the key used by the IDR. Specifically, the sshd initially selects the ecdsa-sha2-nistp25 key instead of the configured ssh-rsa key. Consequently, when a user attempts to establish an SSH connection, the ecdsa key is added to the known_hosts file. However, if the sshd is restarted or IDR is upgraded, resulting in a service reboot, the sshd will then utilize the configured ssh-rsa key. Consequently, when a user tries to SSH into the server, the server will present a different key than the one stored in the known_hosts file, leading to a failure in host authentication.
To resolve this issue, the user is prompted to run the sshkey command.
It is worth noting that this change in key does not have any adverse effects and only occurs once during the lifetime of IDR when transitioning from the ecdsa-sha2 key to the ssh-rsa key to align with the configuration file.