On 2018-05-26, Stuart Henderson <stu@xxxxxxxxxxxxxxx> wrote:

> Changing HostKeyAlgorithms means that the existing entries in known_hosts
> don't match, so the "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED"
> message is triggered.

That's not true. I'm using the default HostKeyAlgorithms along with
a known_hosts file composed almost entirely of ssh-ed25519 entries.

The first entry in HostKeyAlgorithms is only used to pick the key
type on first contact; afterwards ssh uses the key type from
known_hosts as long as that type has an entry somewhere in
HostKeyAlgorithms.

As ssh_config(5) says under HostKeyAlgorithms:

    If hostkeys are known for the destination host then this default
    is modified to prefer their algorithms.

-- 
Christian "naddy" Weisgerber                          naddy@xxxxxxxxxxxx

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
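
Added example, not part of the original message and not OpenSSH code: a simplified Python model of the reordering that the quoted ssh_config(5) sentence describes, applied to a small known_hosts file. The algorithm list, host names and key blobs are constructed placeholders, and the function names are hypothetical.

```python
# Simplified model of "this default is modified to prefer their algorithms".
# Not OpenSSH source; DEFAULT_ALGS is a constructed list (real defaults vary by version).
DEFAULT_ALGS = ["ecdsa-sha2-nistp256", "ssh-ed25519",
                "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]

# Signature algorithms that can be used with each known_hosts key type.
KEYTYPE_TO_ALGS = {
    "ssh-ed25519": ["ssh-ed25519"],
    "ecdsa-sha2-nistp256": ["ecdsa-sha2-nistp256"],
    "ssh-rsa": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
}

# Constructed known_hosts content; key blobs are placeholders.
KNOWN_HOSTS = """\
# comment
old.example.org,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDER
rsa.example.org ssh-rsa AAAAB3PLACEHOLDER
[git.example.org]:2222 ssh-ed25519 AAAAC3PLACEHOLDER
@revoked old.example.org ssh-rsa AAAAB3PLACEHOLDER
"""

def known_key_types(known_hosts, host, port=22):
    """Key types recorded for host. Comments, @markers and hashed
    (|1|...) entries are skipped in this simplified parser."""
    name = host if port == 22 else f"[{host}]:{port}"
    types = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        if name in fields[0].split(",") and fields[1] not in types:
            types.append(fields[1])
    return types

def effective_order(algs, known_types):
    """Move algorithms usable with a known key to the front; the rest
    keep their relative order. Nothing absent from algs is ever added."""
    usable = {a for t in known_types for a in KEYTYPE_TO_ALGS.get(t, [t])}
    first = [a for a in algs if a in usable]
    return first + [a for a in algs if a not in usable]

if __name__ == "__main__":
    for h in ("old.example.org", "rsa.example.org", "new.example.org"):
        print(h, effective_order(DEFAULT_ALGS, known_key_types(KNOWN_HOSTS, h)))
```

For a host with no entry the list is unchanged, so its first element decides which key type is recorded on first contact.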