find /etc -name '*ssh*' -ls
mostra que os únicos arquivos recentes são as várias chaves ssh (todas alteradas no final da reinicialização do servidor).
Olhando para / var / log / syslog, eu encontro estas linhas:
Sep 29 20:56:20 <server> cloud-init[1245]: Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Sep 29 20:56:20 <server> cloud-init[1245]: Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
Sep 29 20:56:20 <server> cloud-init[1245]: Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Sep 29 20:56:20 <server> cloud-init[1245]: Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
Sep 29 20:56:20 <server> cloud-init[1245]: Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key.
Sep 29 20:56:20 <server> cloud-init[1245]: Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub.
Sep 29 20:56:20 <server> cloud-init[1245]: Your identification has been saved in /etc/ssh/ssh_host_ed25519_key.
Sep 29 20:56:20 <server> cloud-init[1245]: Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub.
E do conteúdo de outras mensagens, a coisa cloud-init
parece ser do meu serviço de hospedagem, então provavelmente não é devido à atualização, mas à reinicialização, e eu vou ter um bate-papo com suporte.