Possible bug: SSH doesn't prefer host keys listed in SSHFP records while connecting.
Damien Miller
djm at mindrot.org
Sun Feb 24 10:23:54 AEDT 2019
On Sat, 23 Feb 2019, Yegor Ievlev wrote:
> The reason why this is a bug is, for example, that if the server was
> updated and it re-generated the ECDSA key you deleted, you would have
> to do some non-obvious steps for your client to ignore it.
No, that would also be a misconfiguration. If your SSHFP keys don't
match your hostkeys then you're doing it wrong.
-d
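An added example, not part of this thread and not OpenSSH code: one way to audit the condition discussed above, that a host's keys and its published SSHFP records agree. It computes the SSHFP data for each public key the host offers and reports keys with no record and records with no key. The function names, `host.example.` and the key blobs are assumptions constructed for the demonstration; algorithm and fingerprint-type numbers follow RFC 4255, RFC 6594 and RFC 7479.

```python
import base64, hashlib, struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
        "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
FP_HASH = {1: hashlib.sha1, 2: hashlib.sha256}  # SSHFP fingerprint types

def sshfp_for(pubkey_line, fp_type=2):
    """Return (algorithm, fp_type, hex digest) for one OpenSSH public key line."""
    keytype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    # The blob starts with a length-prefixed copy of the key type; reject mismatches.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != keytype:
        raise ValueError("key type does not match blob")
    return (ALGO[keytype], fp_type, FP_HASH[fp_type](blob).hexdigest())

def parse_sshfp(rr_line):
    """Parse 'name IN SSHFP algo type hex' into (algo, type, hex)."""
    f = rr_line.split()
    i = f.index("SSHFP")
    return (int(f[i + 1]), int(f[i + 2]), "".join(f[i + 3:]).lower())

def audit(pubkey_lines, rr_lines, fp_type=2):
    """Return (host key types with no SSHFP record, SSHFP records matching no host key)."""
    published = {p for p in map(parse_sshfp, rr_lines) if p[1] == fp_type}
    offered = {sshfp_for(k, fp_type): k.split()[0] for k in pubkey_lines}
    unpublished = sorted(t for fp, t in offered.items() if fp not in published)
    stale = sorted(published - set(offered))
    return unpublished, stale

def _fake_key(keytype, body):
    # Constructed key blob for the demo: correct framing, but not a real key.
    blob = struct.pack(">I", len(keytype)) + keytype.encode() + body
    return f"{keytype} {base64.b64encode(blob).decode()} demo"

# Constructed sample data: the zone publishes only the Ed25519 key, while the
# host also offers a re-generated ECDSA key (the situation from the thread).
ED = _fake_key("ssh-ed25519", struct.pack(">I", 32) + b"\x01" * 32)
EC = _fake_key("ecdsa-sha2-nistp256", b"\x02" * 77)
ZONE = ["host.example. IN SSHFP %d %d %s" % sshfp_for(ED)]

if __name__ == "__main__":
    unpublished, stale = audit([ED, EC], ZONE)
    print("host keys without SSHFP:", unpublished)
    print("SSHFP records without host key:", stale)
```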