We've been using CompleteFTP Professional for many years. We have sftp enabled on the server with all authentication methods available. We created an RSA and DSA key public key pair on the server, but have not created any keys for individual users.
Recently, with version 12.1.5, we have two clients out of 1,000+ clients that almost every day, they are unable to upload files because of the RSA fingerprint stores in their machine mismatching the server. In our troubleshooting, the RSA fingerprint presented is different every time, and doesn't match the RSA or DSA key fingerprint public key on the server when viewing it.
This issue persists after updating to 13.0.1. We even manually stored the DSA key fingerprint value from the server into the clients' database tables where this information is stored, but the next day or so, the client complains that the RSA key fingerprint does not match what is stored in the client's database. The key being presented is different than before.
Aside from MITM, any ideas what this could be?