Question regarding Host keys.

Hi,

I'm having a problem: when I add "HostKeyAlgorithms +ssh-dss" to the
ssh_config file, the host key will always negotiate to a wrong one. In my
case it will negotiate to "ecdsa-sha2-nistp256". The client was already
configured with the server's rsa public key. Before the change I made to
the ssh_config file, I could see from the debug output that server and client
would negotiate to use ssh-rsa as expected. After the change, unfortunately, the
client and server will negotiate to use ecdsa-sha2-nistp256, then later will
complain "REMOTE HOST IDENTIFICATION HAS CHANGED" and fail. I got around
this by adding the ecdsa public key to the known hosts.

After some investigation I noticed that before my change the host keys will
reorder to use the rsa based ones first and the others after, but not after
my change. So, I would like to know: is there a reason for not allowing the
keys to reorder after specifying them in the ssh_config file, and will this
behaviour be changed in an upcoming release? I think it would be nice to
reorder the host keys even when they are from the config file.

Thanks,
Mahoda
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
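
A simplified model of the behaviour described in the post above, added here as an example; it is not OpenSSH code and not from the original poster. The default algorithm order, the server's offer, the host names and the known_hosts entries are constructed assumptions.

```python
# Added illustration: a simplified model, not OpenSSH source code.

# Constructed sample known_hosts content; the key blobs are placeholders.
KNOWN_HOSTS = """\
# constructed sample
server.example.com,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER
other.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-PLACEHOLDER
"""

# Assumed (simplified) client preference order and server offer.
CLIENT_DEFAULT = ["ecdsa-sha2-nistp256", "ssh-ed25519", "ssh-rsa"]
SERVER_OFFERS = ["ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256"]


def known_key_types(known_hosts, host):
    """Return the key types stored for host (plain, unhashed entries only)."""
    types = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host in fields[0].split(",") and fields[1] not in types:
            types.append(fields[1])
    return types


def prefer_known(algs, known):
    """Move algorithms that already have a stored key to the front."""
    return [a for a in algs if a in known] + [a for a in algs if a not in known]


def negotiate(client_algs, server_algs):
    """RFC 4253 section 7.1, simplified: first client choice the server supports."""
    return next((a for a in client_algs if a in server_algs), None)


def host_key_alg(host, extra=None):
    """extra=None models no HostKeyAlgorithms line; a list models '+alg'."""
    known = known_key_types(KNOWN_HOSTS, host)
    if extra is None:
        client = prefer_known(CLIENT_DEFAULT, known)
    else:
        client = CLIENT_DEFAULT + extra  # list taken as configured, no reordering
    return negotiate(client, SERVER_OFFERS)


if __name__ == "__main__":
    print(host_key_alg("server.example.com"))               # ssh-rsa
    print(host_key_alg("server.example.com", ["ssh-dss"]))  # ecdsa-sha2-nistp256
```

In the second case the negotiated algorithm has no stored key for the host while a key of another type is on file, which is the situation in which the client reports the changed-identification failure quoted in the post.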


