Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.

Yegor Ievlev koops1997 at gmail.com
Sun Feb 24 10:34:19 AEDT 2019

Ok, thanks for the clarification.

On Sun, Feb 24, 2019 at 2:23 AM Damien Miller <djm at mindrot.org> wrote:
> On Sat, 23 Feb 2019, Yegor Ievlev wrote:
> > The reason why this is a bug is, for example, that if the server was
> > updated and it re-generated the ECDSA key you deleted, you would have
> > to do some non-obvious steps for your client to ignore it.
> No, that would also be a misconfiguration. If your SSHFP keys don't
> match your hostkeys then you're doing it wrong.
> -d

More information about the openssh-unix-dev mailing list