problem moving hostkey from ssh version 3.5p1 to 3.8p

Darren Tucker dtucker at
Tue Jul 19 10:16:29 EST 2005

Hari Bhaskaran wrote:
> Hi,
> I am trying to upgrade from OpenSSH_3.5p1 FreeBSD 4.8 to 
> OpenSSH_3.8p1 (Suse 9.1). Although the host rsa and dsa
> keys have been copied over from old to new machine, linux ssh
> clients (3.8p1) still bring up the new-key alert. ssh clients
> from freebsd machines till OpenSSH_3.6.1p1 work fine with 
> the setup (without the new key alert)
> ssh -vv shows linux clients are looking for type 0 and type 2 key and
> freebsd ones are looking for type 0 and type 1 keys

Type 0 keys are protocol 1 RSA, type 1 are protocol 2 RSA and type 3 are 
protocol 2 DSA.

> Is this some known incompatibility between ssh 3.6 vs 3.8 or something
> between linux vs freebsd?

Probably not.  The host key type is selected on the client side (see 
"HostKeyAlgorithms" in ssh_config), just change your clients to suit.  I 
don't think the default has changed for a long time (in the main code, 
anyway, FreeBSD may have done something differently).

If changing the clients is a big hassle you could disable the DSA key in 
sshd_config (specify 2 HostKey entries, one for RSA1 and one for RSA2).

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list