Re: Strange crypto choices

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Answering the first part of your mail:

On 2018-05-25, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
> The defaults for HostKeyAlgorithms option are:
>
> ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,
> ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,
> ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,
> ssh-ed25519-cert-v01@xxxxxxxxxxx,
> ssh-rsa-cert-v01@xxxxxxxxxxx,
> ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
> ssh-ed25519,ssh-rsa
>
> Why does OpenSSH prefer older and less secure
> (https://safecurves.cr.yp.to/) ECDSA with NIST curves over Ed25519?

Changing HostKeyAlgorithms means that the existing entries in known_hosts
don't match, so the "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED"
message is triggered.


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux