Answering the first part of your mail: On 2018-05-25, Yegor Ievlev <koops1997@xxxxxxxxx> wrote: > The defaults for HostKeyAlgorithms option are: > > ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx, > ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx, > ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx, > ssh-ed25519-cert-v01@xxxxxxxxxxx, > ssh-rsa-cert-v01@xxxxxxxxxxx, > ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, > ssh-ed25519,ssh-rsa > > Why does OpenSSH prefer older and less secure > (https://safecurves.cr.yp.to/) ECDSA with NIST curves over Ed25519? Changing HostKeyAlgorithms means that the existing entries in known_hosts don't match, so the "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" message is triggered. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev