On Tue, 1 Apr 2014, Nico Kadel-Garcia wrote: > This is partly why some folks would like an authentication procedure > for host keys, so such changed keys can be signed by a trustworthy > upstream source and simply accepted like signed SSL keys. You mean like the certificate keys we added to OpenSSH four years ago? -d