Manual Page for ssh_config

Roumen Petrov openssh at
Wed May 7 23:27:11 EST 2003

Hi Dirk,
Please find answers in quoted text.

Dirk Gouders wrote:

>I am using OpenSSH on a FreeBSD box
>(OpenSSH_3.5p1 FreeBSD-20030201, SSH protocols 1.5/2.0, OpenSSL 0x0090701f) 
>and I noticed that the manual page for ssh_config probably needs to be
>fixed.  The manual page says that the default value for the parameter
>HostKeyAlgorithms is "ssh-rsa,ssh-dss" but that seems to be wrong,
definitely NO

>because ssh only uses RSA-Keys in my .ssh/known_hosts if I
>explicitly set the parameter with "ssh-rsa,ssh-dss".  If the
Please check closely:
  1. command-line options
  2. user's configuration file ($HOME/.ssh/config)
  3. system-wide configuration file (usually /etc/ssh/ssh_config)

>parameter remains commented out, ssh doesn't use the already known
>RSA key:
Are you sure ?

>WARNING: RSA key found for host somehost.myorg
>in /home/somebody/.ssh/known_hosts:1
>RSA key fingerprint d9:ea:ea:c6:10:ab:59:92:87:c9:f0:40:d4:b7:9b:77.
>The authenticity of host 'somehost.myorg (' can't be established,
>but keys of different type are already known for this host.
>DSA key fingerprint is 14:cc:25:36:17:77:a9:e2:40:84:5a:03:b7:b1:08:5f.
>Are you sure you want to continue connecting (yes/no)? no
Just write "yes" and see what happen at next session.

>Host key verification failed
I think that your server was started only (!) with DSS key, after this a 
RSA key is added and restarted or at first session to "somehost.myorg" 
HostKeyAlgorithms was "ssh-dss,ssh-rsa".

Get X.509 certificate support in OpenSSH:

More information about the openssh-unix-dev mailing list