On 2018-05-26, Christian Weisgerber <naddy@xxxxxxxxxxxx> wrote:
> On 2018-05-26, Stuart Henderson <stu@xxxxxxxxxxxxxxx> wrote:
>
>> Changing HostKeyAlgorithms means that the existing entries in known_hosts
>> don't match, so the "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED"
>> message is triggered.
>
> That's not true. I'm using the default HostKeyAlgorithms along
> with a known_hosts file composed almost entirely of ssh-ed25519
> entries.
>
> The first entry in HostKeyAlgorithms is only used to pick the key
> type on first contact; afterwards ssh uses the key type from
> known_hosts as long as that type has an entry somewhere in
> HostKeyAlgorithms.
>
> As ssh_config(5) says under HostKeyAlgorithms:
>
>     If hostkeys are known for the destination host then this default
>     is modified to prefer their algorithms.
>

Ah - this *was* a problem (I remember it when ECDSA was added), but
I see it was fixed in 2010.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
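
A simplified model of the ssh_config(5) behaviour quoted in this thread, added here as an illustration; it is not OpenSSH code and not from either poster. The algorithm order, host names, salt and key blobs are constructed, and all function names are hypothetical; wildcard patterns, `[host]:port` entries and `@cert-authority`/`@revoked` lines are not modelled.

```python
import base64, hashlib, hmac

# Constructed order for illustration; the real default list depends on the OpenSSH version.
DEFAULT_ALGS = ["ecdsa-sha2-nistp256", "ssh-ed25519", "ssh-rsa"]

def hash_host(host, salt):
    """Build a hashed known_hosts host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """Match a host field, plain or hashed. Wildcards and [host]:port are not modelled."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hash_host(host, salt))
    return host in field.split(",")

def known_key_types(known_hosts_text, host):
    """Key types recorded for host, in file order; comments and @marker lines are skipped."""
    types = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0][0] in "#@":
            continue
        if host_matches(parts[0], host) and parts[1] not in types:
            types.append(parts[1])
    return types

def preferred_order(algs, known_types):
    """Move algorithms with a known key to the front; never add one absent from algs."""
    known = [a for a in algs if a in known_types]
    return known + [a for a in algs if a not in known]

# Constructed sample known_hosts; key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed sample",
    "server.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-constructed",
    hash_host("db.example.org", b"constructed-salt-001") + " ssh-rsa AAAAB3NzaC1yc2E-constructed",
])

if __name__ == "__main__":
    for h in ("server.example.org", "db.example.org", "new.example.org"):
        print(h, preferred_order(DEFAULT_ALGS, known_key_types(SAMPLE, h)))
```

On a real client, `ssh-keygen -F <host>` lists the known_hosts entries for a host, which is the input this model reads from the sample text.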