future default for UpdateHostKeys: ask or yes?

James Ralston ralston at pobox.com
Fri Feb 21 07:02:00 AEDT 2020

On Fri, Feb 14, 2020 at 1:25 AM Damien Miller <djm at openbsd.org> wrote:
> A future release of OpenSSH will enable UpdateHostKeys by default to
> allow the client to automatically migrate to better algorithms.
> Users may consider enabling this option manually.

When you say “enable UpdateHostKeys by default,” do you mean a future
release of OpenSSH will default it to “ask”, or default it to “yes”?

The only other option with no/ask/yes options that doesn’t default to
no is StrictHostKeyChecking, which defaults to ask, so I suspect the
future default will be ask, not yes.

I ask (no pun intended, ha) because we’d like to set UpdateHostKeys
_now_ to what the future default will be, but it’s not clear from the
announcement whether the future default will be ask or yes.

More information about the openssh-unix-dev mailing list