UpdateHostkeys now enabled by default

Damien Miller djm at mindrot.org
Sat Oct 3 19:44:08 AEST 2020


I just fixed a couple of corner-cases relating to UpdateHostkeys in git
HEAD and have enabled the option by default. IMO this protocol extension
is important because it allows ssh clients to automatically migrate to
the best available signature algorithms available on the server and
supports our goal of deprecating RSA/SHA1 in the future.

We would really appreciate your feedback on this feature if you are able
to run git HEAD on non-production systems - we try our best to keep
OpenSSH stable and usable through the development cycle (really, we try
to keep it ready for release at any time). IMO it is quite suitable to
use as a daily driver on one's laptop. To test this feature, you really
only need run the ssh client.

For more details on the protocol extension behind UpdateHostkeys, please
see https://github.com/openssh/openssh-portable/blob/396d32f3/PROTOCOL#L286
Otherwise, feel free to ask me anything.

Damien Miller
