Question regarding Host keys.

Darren Tucker dtucker at
Wed Sep 7 14:53:01 AEST 2016

On Wed, Sep 7, 2016 at 1:59 PM, Mahoda Ratnayaka <mahodardev at> wrote:
> I'm having a problem when I add "HostKeyAlgorithms +ssh-dss" to the
> ssh_config file the host key will always negotiate to a wrong one. In my
> case it will negotiate to "ecdsa-sha2-nistp256". The client was already
> configured with the servers rsa public key, before the change I added to
> the ssh_config file I could see from the debug that server and client will
> negotiate to use ssh-rsa as expected. After change unfortunately the client
> and server will negotiate to use ecdsa-sha2-nistp256, then later will
> complain "REMOTE HOST IDENTIFICATION HAS CHANGED" and fail. I got around
> this by adding the ecdsa public key to the know hosts.

What version of OpenSSH is this?  Can you post debug output (ssh -vvv)
with and without the +ssh-dss option?

Darren Tucker (dtucker at
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list