The Gandi Community

New SFTP signatures for Gandi Simple Hosting instances

This December, we will be making a change to make Simple Hosting easier to use, as well as more manageable.

Currently, there are three separate signatures, one for each datacenter, for the SFTP protocol you use to transfer files to Gandi Simple Hosting instances.

In a few days, we will replace We have replaced these keys so that they are all the same (and thus easier to manage). The new key will have the following signature, whether your instance is hosted in our Paris, Baltimore, or Luxembourg datacenter:

2048 35:e0:5a:a9:54:12:55:6b:ce:41:8c:c1:9e:35:1d:f6 (RSA)
1024 80:c7:a8:05:dc:79:92:f1:9c:b7:61:46:a7:ad:2d:f7 (DSA)

For reference, the outdated key signatures were as follows:

Paris (sftp.dc0.gpaas.net):

2048 02:15:f6:35:d7:01:3c:58:74:8c:e4:0e:96:61:35:6f (RSA)
1024 36:c2:9c:5c:5b:d0:7e:5b:78:e4:ee:47:ad:aa:1c:8e (DSA)

Baltimore (sftp.dc1.gpaas.net):

2048 f8:ed:00:17:1a:88:9f:4d:15:fb:84:46:1e:19:4f:c5 (RSA)
1024 69:84:9b:dd:3b:cd:9a:20:df:60:60:e0:6d:cd:5e:e7 (DSA)

Luxembourg (sftp.dc2.gpaas.net):

2048 c1:0b:b5:1d:57:cb:00:75:22:a5:6b:d3:bc:73:64:5a (RSA)
1024 7c:ac:f0:23:6b:d6:e8:78:67:4c:72:95:9b:14:61:eb (DSA)

How does this affect me?

In most cases, all you need to do is accept the new key when you log into your instance via SFTP. The client will prompt you the first time you use it to connect after we make the change.

If your client doesn’t handle the changed signatures gracefully, you can manually flush the key on the command line (replace dc0 in the command below, if necessary: dc0 = Paris datacenter, dc1 = Baltimore, dc2 = Luxembourg):

$ ssh-keygen -R sftp.dc0.gpaas.net

and then use your sFTP tool and reconnect again and accept the new foreign key.

If you have any questions or concerns about this, let our support team know. We are here to help!