[Bug 1657] Server Authentication when both RSA and DSA are enabled (on the server)

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri May 6 11:30:25 EST 2011


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #1 from Damien Miller <djm at mindrot.org> 2011-05-06 11:30:25 EST ---
As of OpenSSH-5.7, the ssh client will not automatically prefer to use
host key types that it actually has hostkeys for. So it should
automatically do the right thing and avoid hostkey warnings if the
server advertises things in a different way.

Unfortunately, the SSH protocol can only attempt one hostkey type per
connection and has no way for a server to tell a client its full list
of hostkeys. We might look at making a protocol extension in the future
to allow the server to tell the client of its full list of hostkeys.

For now, you should let the client select the host key algorithm
automatically and it will do the right thing. If you want to override
the host key algorithm, then it is your responsibility to obtain the
other host keys and place them in known_hosts (either manually or by
accepting the "new hostkey" message)

Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list