termux / termux-packages

A package build system for Termux.
https://termux.dev

ssh host key changed without reinstall #11644

Closed xloem closed 2 years ago

xloem commented 2 years ago

Problem description

I was running sshd for the first time, and my phone ran out of memory and killed termux.

When I rebooted sshd, the host key had changed.

It's possible I ran some other commands figuring out sshd, and then forgot that I ran them.

Additionally, I had been running dropbear prior to sshd, and uninstalled it. This is the most likely cause of the error, I believe.

```
$ ssh -p 8022 u0_phoneuser@phonehost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:D9e/StJrIUZh91LZFjfWx8HF8OAoxHa0bVhcL8LuA18.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/user/.ssh/known_hosts:79
ECDSA host key for [phonehost]:8022 has changed and you have requested strict checking.
Host key verification failed.
```

I've seen #2169, but it does not clarify whether this indicates compromise or is a normal quirk of the system, and the referenced article is in Indonesian, a different language from these issue posts.

I was hoping we could figure out if this was a normal behavior of termux, or indicated a dangerous situation or a user error, and provide more helpful and clear information.

What steps will reproduce the bug?

I am uncertain what triggers this. For me, I installed dropbear, shelled in, then uninstalled dropbear, and installed openssh, then left the shell and shelled back in, maybe twice. It's also possible I typed a spurious command trying to figure out setting up sshd.

What is the expected behavior?

A host key should not change unless a system reinstall is performed, the network or device is maliciously compromised, or the user mutates their system configuration folder, and documentation should indicate this to users.

System information

termux-info:

```
Termux Variables:
TERMUX_API_VERSION=0.50.1
TERMUX_APK_RELEASE=F_DROID
TERMUX_APP_PACKAGE_MANAGER=apt
TERMUX_APP_PID=19107
TERMUX_IS_DEBUGGABLE_BUILD=0
TERMUX_MAIN_PACKAGE_FORMAT=debian
TERMUX_VERSION=0.118.0
Packages CPU architecture:
arm
Subscribed repositories:
# sources.list
deb https://mirror.mwt.me/termux/main stable main
Updatable packages:
All packages up to date
termux-tools version:
1.27.0
Android version:
12
Kernel build information:
Linux localhost 4.14.141+ #1 SMP PREEMPT Sat Jun 18 23:00:16 CST 2022 armv7l Android
Device manufacturer:
unknown
Device model:
Phh-Treble Go
```

xloem commented 2 years ago

I ended up resolving this by converting my dropbear keys to openssh keys. The dropbearconvert utility also works the other way, to convert openssh keys to dropbear keys.

I did something like this:

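```sh
# migrate host keys from dropbear to openssh
# dropbear names its DSA key file "dss"; openssh uses "dsa" in the file name
KEYTYPES='dss ecdsa rsa'

# convert dropbear private keys to openssh private keys
pkg install dropbear
mkdir -p "$PREFIX/etc/ssh"
for keytype in $KEYTYPES
do
  src="$PREFIX/etc/dropbear/dropbear_${keytype}_host_key"
  [ -f "$src" ] || continue   # skip key types dropbear never generated
  case "$keytype" in dss) sshtype=dsa ;; *) sshtype=$keytype ;; esac
  dst="$PREFIX/etc/ssh/ssh_host_${sshtype}_key"
  dropbearconvert dropbear openssh "$src" "$dst"
  chmod 600 "$dst"            # sshd rejects private keys readable by others
done

# generate openssh public keys from openssh private keys
pkg install openssh
for sshtype in dsa ecdsa rsa
do
  key="$PREFIX/etc/ssh/ssh_host_${sshtype}_key"
  [ -f "$key" ] || continue
  ssh-keygen -f "$key" -y > "$key.pub"
done
```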

I could then connect to my device without changing host keys in my clients.

It seems important to me for users to manage this properly since it can occasionally indicate such a severe concern.

I believe converting the other way would be something like this:

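```sh
# migrate host keys from openssh to dropbear
# openssh names its DSA key file "dsa"; dropbear uses "dss" in the file name
KEYTYPES='dss ecdsa rsa'

# convert openssh private keys to dropbear private keys
pkg install dropbear
for keytype in $KEYTYPES
do
  case "$keytype" in dss) sshtype=dsa ;; *) sshtype=$keytype ;; esac
  src="$PREFIX/etc/ssh/ssh_host_${sshtype}_key"
  [ -f "$src" ] || continue   # skip key types openssh never generated
  dropbearconvert openssh dropbear "$src" "$PREFIX/etc/dropbear/dropbear_${keytype}_host_key"
done
```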
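
An added check, not part of the original thread or of the Termux project: run on the device, it reports which local host key file (an OpenSSH public key or a Dropbear private key) produces the fingerprint shown in the client's warning, which separates a daemon swap from a key that is not on the device at all. The function names are hypothetical, and the paths in the usage comment assume the layout used in the comments above.

```sh
# Added example: on the device, find which local host key produces the
# fingerprint shown in the client's warning. Function names are hypothetical.

# SHA256 fingerprint of an OpenSSH public key file.
fingerprint_of() {
  ssh-keygen -l -E sha256 -f "$1" | awk '{print $2}'
}

# SHA256 fingerprint of a Dropbear private host key: dropbearkey -y prints the
# public key line, which ssh-keygen then fingerprints from stdin.
fingerprint_of_dropbear() {
  dropbearkey -y -f "$1" | grep -E '^(ssh|ecdsa)-' |
    ssh-keygen -l -E sha256 -f - | awk '{print $2}'
}

# find_host_key EXPECTED FILE...
# Prints the first FILE whose fingerprint equals EXPECTED and returns 0.
# Returns 1 when none match: the key the client saw is not one of these files.
find_host_key() {
  expected=$1
  shift
  for keyfile in "$@"; do
    [ -f "$keyfile" ] || continue
    case "$keyfile" in
      */dropbear_*_host_key) fp=$(fingerprint_of_dropbear "$keyfile") ;;
      *)                     fp=$(fingerprint_of "$keyfile") ;;
    esac
    if [ "$fp" = "$expected" ]; then
      printf '%s\n' "$keyfile"
      return 0
    fi
  done
  return 1
}

# Usage, with the fingerprint copied from the warning (paths as in this thread):
#   find_host_key 'SHA256:...' "$PREFIX"/etc/ssh/ssh_host_*_key.pub \
#       "$PREFIX"/etc/dropbear/dropbear_*_host_key
```

Copy the fingerprint without the trailing period that the warning prints after it. A non-zero return means none of the listed files holds the key the client was offered.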