I just realized at random that the Fenix build process seems ship with the same host keys. This poses a security risk since it is not verifiable anymore if the user connects to the correct and their own host via SSH since the private keys are publicly available.
The Images I checked: https://dl.khadas.com/Firmware/VIM3/Ubuntu/SD_USB/VIM3_Ubuntu-gnome-focal_Linux-5.12_arm64_SD-USB_V1.0.6-210520.img.xz
respective
https://dl.khadas.com/Firmware/VIM3/Ubuntu/SD_USB/VIM3_Ubuntu-gnome-focal_Linux-5.12_arm64_SD-USB_V1.0.6-210520.img.xz
First boot on my VIM3L with freshly installed Ubuntu 20 (5.12 kernel) installation:
root@Khadas:/# cat /etc/ssh/ssh_host_ecdsa_key.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIQoCVw12/J8+MHShuEvQsEzff4KKIXDGU9pD7SOHZFzgOAKg03uiQKVeuN/1GLPJw1XE+5iaAEAw4LWR5wYQWU= root@fenix
My longer-running VIM3 (non-L) running the same distro:
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIQoCVw12/J8+MHShuEvQsEzff4KKIXDGU9pD7SOHZFzgOAKg03uiQKVeuN/1GLPJw1XE+5iaAEAw4LWR5wYQWU= root@fenix
The images mounted on my PC:
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIQoCVw12/J8+MHShuEvQsEzff4KKIXDGU9pD7SOHZFzgOAKg03uiQKVeuN/1GLPJw1XE+5iaAEAw4LWR5wYQWU= root@fenix