Possible mitm attack

From PrgmrWiki


lsc@lsc-laptop:~$ ssh cerberus.prgmr.com
The authenticity of host 'cerberus.prgmr.com (72.13.95.58)' can't be established.
RSA key fingerprint is 00:3f:66:54:28:52:e1:c5:61:70:06:74:4e:29:95:17.
Are you sure you want to continue connecting (yes/no)? 



[root@cerberus ~]# ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
2048 5d:8a:f7:e1:e4:36:02:fe:ac:d9:7c:90:94:6b:51:61 /etc/ssh/ssh_host_rsa_key.pub
[root@cerberus ~]# ssh-keygen -lf /etc/ssh/ssh_host_key.pub 
2048 30:69:34:a6:9e:93:55:1f:2d:6b:46:63:01:ad:cc:e5 /etc/ssh/ssh_host_key.pub


[root@cerberus ~]# ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 00:3f:66:54:28:52:e1:c5:61:70:06:74:4e:29:95:17.
Are you sure you want to continue connecting (yes/no)? 

I don't think it's actually a mitm because I get the same thing when I ssh from my laptop to cerberus as I do if i ssh localhos from cerberus. It looks like it's somehow reading the old ssh key rather than the new ssh key. confirmed with an old authorized_keys file.