Re: Strange crypto choices

On 2018-05-26, Stuart Henderson <stu@xxxxxxxxxxxxxxx> wrote:

> Changing HostKeyAlgorithms means that the existing entries in known_hosts
> don't match, so the "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED"
> message is triggered.

That's not true.  I'm using the default HostKeyAlgorithms along
with a known_hosts file composed almost entirely of ssh-ed25519
entries.

The first entry in HostKeyAlgorithms is only used to pick the key
type on first contact; afterwards ssh uses the key type from
known_hosts as long as that type has an entry somewhere in
HostKeyAlgorithms.

As ssh_config(5) says under HostKeyAlgorithms:

  If hostkeys are known for the destination host then this default
  is modified to prefer their algorithms.

-- 
Christian "naddy" Weisgerber                          naddy@xxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
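
Added example (not part of the original message, and not OpenSSH source): a simplified Python model of the reordering that the ssh_config(5) excerpt above describes, applied to the default list. The algorithm list, host names and known_hosts content are constructed; hashed host names, wildcards and [host]:port entries are not handled.

```python
# Simplified model of "this default is modified to prefer their algorithms".
# Constructed, abbreviated stand-in for the client's default HostKeyAlgorithms
# (certificate algorithms omitted; the real default varies by OpenSSH version).
DEFAULT_ALGS = [
    "ecdsa-sha2-nistp256",
    "ssh-ed25519",
    "rsa-sha2-512",
    "rsa-sha2-256",
    "ssh-rsa",
]

# Constructed known_hosts content; the key blobs are placeholders, not real keys.
KNOWN_HOSTS = """\
# constructed sample file
alpha.example.org ssh-ed25519 AAAA_PLACEHOLDER_1
beta.example.org,192.0.2.10 ssh-rsa AAAA_PLACEHOLDER_2
@revoked gamma.example.org ssh-ed25519 AAAA_PLACEHOLDER_3
"""


def key_type_for(alg):
    """Map a signature algorithm name to the key type stored in known_hosts."""
    # rsa-sha2-256 and rsa-sha2-512 are signature schemes over ssh-rsa keys.
    return "ssh-rsa" if alg in ("rsa-sha2-256", "rsa-sha2-512") else alg


def known_key_types(known_hosts, host):
    """Return the key types recorded for host (plain, unhashed names only)."""
    types = set()
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments and marker lines (@revoked, @cert-authority).
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host in fields[0].split(","):
            types.add(fields[1])
    return types


def effective_order(host, known_hosts=KNOWN_HOSTS):
    """Default list with algorithms for already-known key types moved first."""
    types = known_key_types(known_hosts, host)
    known = [a for a in DEFAULT_ALGS if key_type_for(a) in types]
    rest = [a for a in DEFAULT_ALGS if key_type_for(a) not in types]
    return known + rest
```

For a host with no entry the list comes back unchanged, which is the "first contact" case where the first algorithm in the list decides the key type.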


