Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.

Yegor Ievlev koops1997 at gmail.com
Sun Feb 24 10:34:19 AEDT 2019


Ok, thanks for the clarification.

On Sun, Feb 24, 2019 at 2:23 AM Damien Miller <djm at mindrot.org> wrote:
>
> On Sat, 23 Feb 2019, Yegor Ievlev wrote:
>
> > The reason why this is a bug is, for example, that if the server was
> > updated and it re-generated the ECDSA key you deleted, you would have
> > to do some non-obvious steps for your client to ignore it.
>
> No, that would also be a misconfiguration. If your SSHFP keys don't
> match your hostkeys then you're doing it wrong.
>
> -d
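
The mismatch discussed in this thread (a host key the server offers, such as a regenerated ECDSA key, with no matching SSHFP record) can be checked mechanically. The Python below is an added example, not code from the thread or from OpenSSH; the key blobs, the `host.example` zone lines and all function names are constructed for illustration.

```python
import base64, hashlib, struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
        "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
HASH = {1: hashlib.sha1, 2: hashlib.sha256}  # SSHFP fingerprint types

def sshfp_rdata(pubkey_line, fp_type=2):
    """Return (algorithm, fp_type, hex digest) for one OpenSSH public key line."""
    keytype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    # The blob starts with a length-prefixed key type that must match the label.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != keytype:
        raise ValueError("key type label does not match key blob")
    return (ALGO[keytype], fp_type, HASH[fp_type](blob).hexdigest())

def parse_zone(text):
    """Parse 'name [ttl] [IN] SSHFP algo type hex' lines into a set of tuples."""
    out = set()
    for line in text.splitlines():
        f = line.split(";")[0].split()  # drop zone-file comments
        if "SSHFP" in f:
            i = f.index("SSHFP")
            out.add((int(f[i + 1]), int(f[i + 2]), "".join(f[i + 3:]).lower()))
    return out

def audit(pubkey_lines, zone_text):
    """Return (host key types with no SSHFP record, SSHFP records with no host key)."""
    published = parse_zone(zone_text)
    unpublished, matched = [], set()
    for line in pubkey_lines:
        fps = {sshfp_rdata(line, t) for t in HASH}
        if fps & published:
            matched |= fps & published
        else:
            unpublished.append(line.split()[0])
    return unpublished, sorted(published - matched)

# Constructed sample data: dummy key material, not real host keys.
def _s(b): return struct.pack(">I", len(b)) + b
def _line(keytype, *fields):
    blob = b"".join(_s(f) for f in (keytype.encode(),) + fields)
    return f"{keytype} {base64.b64encode(blob).decode()} constructed"

ED = _line("ssh-ed25519", bytes(range(32)))
EC = _line("ecdsa-sha2-nistp256", b"nistp256", b"\x04" + bytes(64))  # "regenerated" key
ZONE = "host.example. IN SSHFP 4 2 %s\nhost.example. IN SSHFP 1 2 %s\n" % (
    sshfp_rdata(ED)[2], "ab" * 32)  # second record is a stale RSA entry

if __name__ == "__main__":
    print(audit([ED, EC], ZONE))
```

Either list being non-empty is the misconfiguration described above: the first names host keys the server would offer without a published fingerprint, the second names published fingerprints that no current host key matches.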


More information about the openssh-unix-dev mailing list