host key algorithm matching, v4 and v6

Stuart Henderson stu at spacehopper.org
Tue Nov 24 01:25:45 AEDT 2020 

I have a machine (OpenBSD -current) with the following known_hosts
entries from various old connections:

v4_address		ecdsa-sha2-nistp256
v6_address		ecdsa-sha2-nistp256	(line 1515)
hostname		ecdsa-sha2-nistp256
hostname,v4_address	ssh-rsa
hostname,v4_address	ssh-ed25519		(line 1222)

I've changed my resolver to hand out v6 addresses before v4 addresses
(I have done this before - given the above entries it looks like it was
at a time before ssh-ed25519 keys - then reverted it after an ISP problem
at some point). Now I get hostkey warnings. It's easy enough to cope with
the change manually of course, but I wonder if the automated behaviour
could be improved.

| $ ssh -vvvF none some.host.name
| ...
| debug3: record_hostkey: found key type ECDSA in file /home/sthen/.ssh/known_hosts:1220
| debug3: record_hostkey: found key type RSA in file /home/sthen/.ssh/known_hosts:1221
| debug3: record_hostkey: found key type ED25519 in file /home/sthen/.ssh/known_hosts:1222
| debug3: load_hostkeys: loaded 3 keys from some.host.name
| debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01 at openssh.com, using HostkeyAlgorithms verbatim
| ...
| debug1: Server host key: ssh-ed25519 SHA256:xxx
| debug3: hostkeys_foreach: reading file "/home/sthen/.ssh/known_hosts"
| debug3: record_hostkey: found key type ECDSA in file /home/sthen/.ssh/known_hosts:1220
| debug3: record_hostkey: found key type RSA in file /home/sthen/.ssh/known_hosts:1221
| debug3: record_hostkey: found key type ED25519 in file /home/sthen/.ssh/known_hosts:1222
| debug3: load_hostkeys: loaded 3 keys from some.host.name
| debug3: hostkeys_foreach: reading file "/home/sthen/.ssh/known_hosts"
| debug3: record_hostkey: found key type ECDSA in file /home/sthen/.ssh/known_hosts:1515
| debug3: load_hostkeys: loaded 1 keys from xxxx:xxxx:x:xxx::x
| debug1: Host 'some.host.name' is known and matches the ED25519 host key.
| debug1: Found key in /home/sthen/.ssh/known_hosts:1222
| Warning: the ED25519 host key for 'some.host.name' differs from the key for the IP address 'xxxx:xxxx:x:xxx::x'
| Offending key for IP in /home/sthen/.ssh/known_hosts:1515
| Matching host key in /home/sthen/.ssh/known_hosts:1222
| Are you sure you want to continue connecting (yes/no)? ^C

Should order_hostkeyalgs consider the address family and actually prefer
ecdsa-sha2-nistp256 in this case even though it has a better algorithm
for the host *name*?

Should this warning be skipped if the algorithm differs? (At least in the
case where UpdateHostKeys is used?)

More information about the openssh-unix-dev mailing list