I have been running openSSH 7.4p1 for a while now. When I upgraded to 7.5 a year or so ago I ran into the problem listed in this bug report: Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218472 The release notes for 7.6 release notes indicate that the fix patch was included: https://www.openssh.com/txt/release-7.6 I tried 7.6 and I still cannot connect without a prompt wondering if I am really sure. ----------------- 7.4p1 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:<snip> debug3: verify_host_key_dns debug2: ldns: got 1 answers from DNS debug1: found 1 secure fingerprints in DNS debug1: matching host key fingerprint found in DNS debug1: Next authentication method: publickey debug1: Offering RSA public key: ~/.ssh/id_rsa debug1: Server accepts key: pkalg rsa-sha2-512 blen 535 debug1: Authentication succeeded (publickey). ----------------- 7.6p1 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:<snip> debug3: verify_host_key_dns debug1: found 1 insecure fingerprints in DNS debug1: matching host key fingerprint found in DNS debug3: hostkeys_foreach: reading file "~/.ssh/known_hosts" debug3: hostkeys_foreach: reading file "~/.ssh/known_hosts" The authenticity of host 'host.domain.com (1.2.3.4)' can't be established. ECDSA key fingerprint is SHA256:<snip>. Matching host key fingerprint found in DNS. Are you sure you want to continue connecting (yes/no)? ^C ----------------- The system I am testing on is running macOS 10.13.2 (High Sierra). Others in my office are getting the same problem and running a similar setup (though some are running macOS 10.12) Is this a bug still or is there possibly something else at play here? Is anyone else having the same problem? (Is anyone else using SSHFP/DNSSEC?) Thanks, Jonathan _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev