Strange crypto choices
Christian Weisgerber
naddy at mips.inka.de
Sun May 27 03:19:10 AEST 2018
On 2018-05-26, Stuart Henderson <stu at spacehopper.org> wrote:
> Changing HostKeyAlgorithms means that the existing entries in known_hosts
> don't match, so the "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED"
> message is triggered.

That's not true. I'm using the default HostKeyAlgorithms along
with a known_hosts file composed almost entirely of ssh-ed25519
entries.

The first entry in HostKeyAlgorithms is only used to pick the key
type on first contact; afterwards ssh uses the key type from
known_hosts as long as that type has an entry somewhere in
HostKeyAlgorithms.

As ssh_config(5) says under HostKeyAlgorithms:

    If hostkeys are known for the destination host then this default
    is modified to prefer their algorithms.

--
Christian "naddy" Weisgerber naddy at mips.inka.de
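
Added example, not part of the original message and not OpenSSH's own code: a simplified Python model of the ssh_config(5) behaviour quoted above, which reads known_hosts entries (including hashed ones) and moves algorithms with a known key to the front of the default list. The host names, key blobs, salt and the shortened default list are constructed assumptions; wildcard patterns and certificate algorithms are not modelled.

```python
import base64, hashlib, hmac

def hashed_name(host, salt=b"constructed-salt-000"):
    """Build a HashKnownHosts-style field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample known_hosts; key blobs are placeholders, not real keys.
KNOWN_HOSTS = "\n".join([
    "# constructed sample",
    "host-a.example ssh-ed25519 AAAAPLACEHOLDER",
    "host-b.example,192.0.2.7 ssh-rsa AAAAPLACEHOLDER",
    "@revoked host-a.example ecdsa-sha2-nistp256 AAAAPLACEHOLDER",
    hashed_name("host-c.example") + " ssh-ed25519 AAAAPLACEHOLDER",
])

# Assumed, shortened default preference list; the real default depends on the OpenSSH version.
DEFAULT_ALGS = ["ecdsa-sha2-nistp256", "ssh-ed25519",
                "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]
# Signature algorithms whose keys are stored under a different type name.
KEY_TYPE = {"rsa-sha2-512": "ssh-rsa", "rsa-sha2-256": "ssh-rsa"}

def host_matches(field, host):
    """Match a plain comma-separated name list or a hashed |1|salt|hash field."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")  # wildcard and negated patterns are not modelled

def known_key_types(known_hosts_text, host):
    """Return the key types recorded for host, skipping comments and @marker lines."""
    types = set()
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host_matches(fields[0], host):
            types.add(fields[1])
    return types

def effective_order(host, known_hosts_text=KNOWN_HOSTS, default_algs=DEFAULT_ALGS):
    """Move algorithms with a known key to the front, keeping relative order."""
    known = known_key_types(known_hosts_text, host)
    first = [a for a in default_algs if KEY_TYPE.get(a, a) in known]
    return first + [a for a in default_algs if a not in first]

if __name__ == "__main__":
    for h in ("host-a.example", "host-b.example", "host-c.example", "new.example"):
        print(h, ",".join(effective_order(h)))
```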