Hello,

I was running a 835.13.0 STABLE coreOS cluster, and upgraded to 899.13.0. After upgrade, none of my clients that use fleetctl (like my build system) could connect, as ssh was complaining the key signature changed and a possible MitM attack was occurring.

From the release notes, it looks like the cause may have been this change in 899.10.0:

Enabled EC ciphersuites in OpenSSL

Here's one example entry in my .fleetctl/known_hosts from before the upgrade:

1.2.3.4. ssh-rsa BLAHBLAHBLAH

and after:

1.2.3.4 ecdsa-sha2-nistp256 BLAHBLAHBLAH

This isn't a breaking issue as I worked around it by wiping the known_hosts file and recreating it with the proper new keys, but it may help others to call it out more explicitly on the release page.