https://man.openbsd.org/ssh_config

If hostkeys are known for the destination host then this default is modified to prefer their algorithms.

On Sat, May 26, 2018 at 5:54 PM, Stuart Henderson <stu@xxxxxxxxxxxxxxx> wrote:
> Answering the first part of your mail:
>
> On 2018-05-25, Yegor Ievlev <koops1997@xxxxxxxxx> wrote:
>> The defaults for HostKeyAlgorithms option are:
>>
>> ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,
>> ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,
>> ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,
>> ssh-ed25519-cert-v01@xxxxxxxxxxx,
>> ssh-rsa-cert-v01@xxxxxxxxxxx,
>> ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
>> ssh-ed25519,ssh-rsa
>>
>> Why does OpenSSH prefer older and less secure
>> (https://safecurves.cr.yp.to/) ECDSA with NIST curves over Ed25519?
>
> Changing HostKeyAlgorithms means that the existing entries in known_hosts
> don't match, so the "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED"
> message is triggered.
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
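
An added example, not part of the original message and not OpenSSH's own code: a simplified Python model of the ssh_config behaviour quoted at the top of this message, in which algorithms that already have a key stored in known_hosts for the host move ahead of the rest of the default list. It assumes exact-name matching on the plain (non-certificate) algorithms only and no wildcard or negated host patterns; the function names, `hashed` and `SAMPLE` are hypothetical, and the sample entries are constructed.

```python
import base64, hashlib, hmac

# Plain (non-certificate) algorithms, in the default order quoted in the thread.
DEFAULT_ORDER = ["ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
                 "ecdsa-sha2-nistp521", "ssh-ed25519", "ssh-rsa"]

def host_matches(pattern, host):
    """Match one host-field entry: a literal name or a hashed |1|salt|mac entry."""
    if not pattern.startswith("|1|"):
        return pattern == host  # assumption: no wildcard or negated patterns
    try:
        salt_b64, mac_b64 = pattern[3:].split("|")
        salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:  # malformed hashed entry
        return False
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(digest, mac)

def known_key_types(known_hosts_text, host):
    """Key types stored for host in known_hosts-format text."""
    types = set()
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if any(host_matches(p, host) for p in fields[0].split(",")):
            types.add(fields[1])
    return types

def preferred_order(known_hosts_text, host, default=DEFAULT_ORDER):
    """Known algorithms first (default order kept), the rest after them."""
    known = known_key_types(known_hosts_text, host)
    return ([a for a in default if a in known] +
            [a for a in default if a not in known])

def hashed(host, salt=b"constructed-salt-20b"):
    """Build a hashed host field (HMAC-SHA1 of the name) for the sample below."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "old.example.org ssh-rsa AAAA_PLACEHOLDER",
    hashed("new.example.org") + " ssh-ed25519 AAAA_PLACEHOLDER",
])
```

A host with no stored key gets the default list unchanged, so in this model only hosts seen for the first time are affected by the default order.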