#Cluster ssh key(s) change during rolling upgrade?

We have a cluster with 12 nodes (6 HA pairs) that I'm running an ONTAP upgrade on. Annoying issue has come up when ssh'ing into it (the admin vserver) - the server ssh key changes. This implies each node or HA pair has a different server key for the same address.

1. Is this expected?
2. Can I sync them all to the same key?

I mean I can work around it, but it's not great.

It may not be a key change but rather a cypher change (ONTAP occasionally removes older cyphers ) what is the from and to code that you are doing?

Like maybe you were using dsa and now you are using rsa or esdca

I think there's a command that resyncs the SSH keys... some debug command hidden behind the diag privilege, can't remember from the top of my head

From 9.11.1P10 to 9.14.1P4. Yeah I saw the cipher changes noted, but that doesn't seem to correlate what I'm seeing.

and of course now that's all scrolled out of my terminal buffer.

I'll see about migrating that LIF around and see if I can figure it out. It's home now, we're past that node/pair on the upgrade.

If it's easy to fix I'd like to; if it's sketchy, then it can stay

Search support. I know I saw a kb article on exactly this scenario

Something like after upgrading ONTAP ssh keys changed

aha. Yeah had to divine the right search terms:
https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/SSH_fingerprint_mismatch_if_cluster_mgmt_LIF_migrates

and related for data SVMs
https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/SSH_fingerprints_change_every_time_an_SVM_LIF_is_migrated_to_other_nodes_in_the_cluster

Solution is to create a case and reference that KB, which I may do next week.

Thanks for getting me in the right direction.

Poking around on my homelab Netapp, it might be in the direction of:

d755      51663      3             4096         Fri Apr 12 08:11:48 EDT 2024     .
d755      46230      6             4096         Fri Apr 12 08:11:51 EDT 2024     ..
 10444      51664      1            88039       Mon May 21 20:08:23 EDT 2018     moduli
 10444      51665      1             1283       Mon May 21 20:08:23 EDT 2018     ssh_config
 10644      61489      1             3256       Fri Apr 12 08:11:48 EDT 2024     sshd_config
d755      71946      2             4096         Thu Aug 25 21:39:41 EDT 2022     sshd_banner
 10600      71947      1             1675       Thu Aug 25 21:39:41 EDT 2022     ssh_host_rsa_key
 10644      71948      1              403       Thu Aug 25 21:39:41 EDT 2022     ssh_host_rsa_key.pub
 10600      71949      1              668       Thu Aug 25 21:39:42 EDT 2022     ssh_host_dsa_key
 10644      71950      1              611       Thu Aug 25 21:39:42 EDT 2022     ssh_host_dsa_key.pub
 10600      71951      1              227       Thu Aug 25 21:39:42 EDT 2022     ssh_host_ecdsa_key
 10644      71952      1              183       Thu Aug 25 21:39:42 EDT 2022     ssh_host_ecdsa_key.pub
 10600      71953      1              411       Thu Aug 25 21:39:42 EDT 2022     ssh_host_ed25519_key
 10644      71954      1              103       Thu Aug 25 21:39:42 EDT 2022     ssh_host_ed25519_key.pub```