Client HostKeyAlgorithms ordering

Jakub Jelen jjelen at redhat.com
Fri Nov 2 00:32:21 AEDT 2018


Hello all,
The HostKeyAlgorithms client option is the only option of the
algorithms selection, where the order has significant effect on the
behavior. This effectively prevents from limiting these algorithms or
extending the default list while preserving the sorting by the host
keys.

In the bug #2924 [1] I proposed a new configuration option, that allows
also ordering of the provided list preserving the current behavior by
default. Would such change be acceptable or should we rather introduce
a new configuration option HostKeyAlgorithmsAllow, which will allow
sorting this list by existing known hosts.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2924

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.



More information about the openssh-unix-dev mailing list