ssh-ed25519 and ecdsa-sha2-nistp256 host keys

Ryan Mulligan ryan at ryantm.com
Wed Sep 16 14:34:23 AEST 2020


Hello.

I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows
the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host
keys. My /etc/ssh/ssh_known_hosts file contains the server's
ssh-ed25519 host key. When I try to SSH to the server I get this
error:


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:{redacted}.
Please contact your system administrator.
Add correct host key in /home/ryantm/.ssh/known_hosts to get rid of
this message.
Offending ED25519 key in /etc/ssh/ssh_known_hosts:64
ECDSA host key for HOST has changed and you have requested strict checking.
Host key verification failed.


If I add `HostKeyAlgorithms -ecdsa-sha2-nistp256` to my SSH config
file it connects fine. If I order ssh-ed25519 before ecdsa in the
HostKeyAlgorithms it works fine (however, it then breaks if I only
have the ecdsa key in the known_hosts file.).

It seems like there is some equivalence of ssh-ed25519 and
ecdsa-sha2-nistp256 host keys.

I was expecting OpenSSH to look through all the host keys to find one
that matched my known_hosts entry. Is that an invalid expectation?

Do I need to add every host key to the known_hosts file to reliably connect?

Am I missing some configuration option that will make OpenSSH treat
these host keys distinctly?

Sincerely,
Ryan Mulligan


More information about the openssh-unix-dev mailing list