future default for UpdateHostKeys: ask or yes?

James Ralston ralston at pobox.com
Fri Feb 21 15:57:13 AEDT 2020


On Thu, Feb 20, 2020 at 6:15 PM Damien Miller <djm at mindrot.org> wrote:

> On Thu, 20 Feb 2020, James Ralston wrote:
>
> > we’d like to set UpdateHostKeys _now_ to what the future default
> > will be, but it’s not clear from the announcement whether the
> > future default will be ask or yes.
>
> You're certainly welcome to do that, but you should be warned that
> there are some corner-case bugs that are known to exist relating to
> host certificates and @revoked keys. If you're not using either of
> those then I'd appreciate your running with UpdateHostKeys=yes and
> reporting your experience.

We aren’t using either of those, so we’ll play around with
UpdateHostKeys=yes and see if we encounter any strangeness.

Thanks for the clarification.
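
The precondition discussed in this exchange (no host certificates, no @revoked keys) can be checked on a client by scanning its known_hosts files for the `@cert-authority` and `@revoked` markers. The script below is an added example, not part of the thread or of OpenSSH; the function names and sample data are hypothetical and the key blobs are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): look for the two known_hosts markers
# named in the reply above, @cert-authority (host certificates) and @revoked.

# count_markers FILE: print "<cert-authority lines> <revoked lines>".
count_markers() {
    awk '
        NF == 0 || $1 ~ /^#/    { next }   # blank lines and comments
        $1 == "@cert-authority" { ca++ }
        $1 == "@revoked"        { rev++ }
        END { printf "%d %d\n", ca + 0, rev + 0 }
    ' "$1"
}

# markers_absent FILE...: return 0 only if no readable file has a marker line.
# Unreadable or missing files are skipped; findings are reported on stderr.
markers_absent() {
    status=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        counts=$(count_markers "$f")
        ca=${counts% *}
        rev=${counts#* }
        if [ "$ca" -gt 0 ] || [ "$rev" -gt 0 ]; then
            echo "$f: $ca @cert-authority, $rev @revoked" >&2
            status=1
        fi
    done
    return $status
}

# write_sample FILE KIND: constructed known_hosts content (placeholder keys).
write_sample() {
    {
        echo '# constructed sample, keys are placeholders'
        echo 'host1.example.org ssh-ed25519 AAAAC3PLACEHOLDERKEY1'
        if [ "$2" = marked ]; then
            echo '@cert-authority *.example.org ssh-ed25519 AAAAC3PLACEHOLDERCA'
            echo '@revoked * ssh-rsa AAAAB3PLACEHOLDERREVOKED'
        fi
    } > "$1"
}

# Demo on constructed files; real use would pass the client's own files.
tmp=$(mktemp -d)
write_sample "$tmp/plain" plain
write_sample "$tmp/marked" marked
markers_absent "$tmp/plain" && echo "plain: no markers found"
markers_absent "$tmp/marked" || echo "marked: markers present"
rm -rf "$tmp"
```

On a real client, pass the files ssh actually reads, for example `markers_absent ~/.ssh/known_hosts /etc/ssh/ssh_known_hosts`.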


More information about the openssh-unix-dev mailing list