future default for UpdateHostKeys: ask or yes?
James Ralston
ralston at pobox.com
Fri Feb 21 15:57:13 AEDT 2020
On Thu, Feb 20, 2020 at 6:15 PM Damien Miller <djm at mindrot.org> wrote:
> On Thu, 20 Feb 2020, James Ralston wrote:
>
> > we’d like to set UpdateHostKeys _now_ to what the future default
> > will be, but it’s not clear from the announcement whether the
> > future default will be ask or yes.
>
> You're certainly welcome to do that, but you should be warned that
> there are some corner-case bugs that are known to exist relating to
> host certificates and @revoked keys. If you're not using either of
> those then I'd appreciate your running with UpdateHostKeys=yes and
> reporting your experience.

We aren’t using either of those, so we’ll play around with
UpdateHostKeys=yes and see if we encounter any strangeness.

Thanks for the clarification.

More information about the openssh-unix-dev mailing list
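
The caveat in the thread concerns host certificates and @revoked keys. The following is an added example, not part of the original messages or of OpenSSH: a check for whether a client's known_hosts files use either feature before trialling UpdateHostKeys=yes. It assumes that a `@cert-authority` line indicates host certificate use and an `@revoked` line indicates revoked keys; the function names and sample data are constructed for illustration.

```python
import os

MARKERS = ("@cert-authority", "@revoked")

# Constructed sample known_hosts content (key blobs are placeholders, not real keys).
SAMPLE = """\
# constructed sample
host1.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOne
@cert-authority *.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleCaKey
@revoked old.example.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABExampleRevoked
|1|c2FsdA==|aGFzaA== ecdsa-sha2-nistp256 AAAAE2VjZHNhExampleHashed
"""

def scan_known_hosts(text):
    """Return {marker: [(line_no, host_pattern, key_type), ...]} for marked lines."""
    found = {m: [] for m in MARKERS}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no entries
        fields = line.split()
        if fields[0] in MARKERS:
            # Pad so a truncated marker line is still reported, not skipped.
            fields += ["?"] * (3 - len(fields))
            found[fields[0]].append((line_no, fields[1], fields[2]))
    return found

def uses_flagged_features(text):
    """True if the file contains any @cert-authority or @revoked entry."""
    return any(scan_known_hosts(text).values())

if __name__ == "__main__":
    # Default user and system known_hosts locations for the OpenSSH client.
    paths = ["~/.ssh/known_hosts", "~/.ssh/known_hosts2",
             "/etc/ssh/ssh_known_hosts", "/etc/ssh/ssh_known_hosts2"]
    for path in map(os.path.expanduser, paths):
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits = scan_known_hosts(fh.read())
        for marker, entries in hits.items():
            for line_no, hosts, key_type in entries:
                print(f"{path}:{line_no}: {marker} {hosts} ({key_type})")
        if not any(hits.values()):
            print(f"{path}: no @cert-authority or @revoked entries")
```

Files set through UserKnownHostsFile or GlobalKnownHostsFile in ssh_config are not covered by the default path list and would need to be added to it.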