On Wed, 16 Sep 2020, Ryan Mulligan wrote:

> Here you go:

[snip]

> The relevant part of my /etc/ssh/ssh_config is:
>
> Host *
>     AddressFamily inet
>     PubkeyAcceptedKeyTypes +ssh-dss
>     HostKeyAlgorithms +ssh-dss

This is why you are seeing the hostkey warnings.

When HostKeyAlgorithms is left at the default, then ssh will consider the public keys you have listed in UserKnownHostsFile and SystemKnownHostsFile when constructing the KEXINIT host key algorithm proposal. This is done so that, when the client and server agree on their host key algorithms, the selected algorithm is likely to be one that the client already has a recorded key for.

Practically, it would look like this in your debug output:

> debug3: hostkeys_foreach: reading file "/home/djm/.ssh/known_hosts"
> debug3: record_hostkey: found key type RSA in file /home/djm/.ssh/known_hosts:207
> debug3: load_hostkeys: loaded 1 keys from test
> debug3: hostkeys_foreach: reading file "/etc/ssh/ssh_known_hosts"
> debug3: order_hostkeyalgs: prefer hostkeyalgs: rsa-sha2-512-cert-v01@xxxxxxxxxxx,rsa-sha2-256-cert-v01@xxxxxxxxxxx,ssh-rsa-cert-v01@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-256,ssh-rsa

Here, ssh found an RSA key in ~/.ssh/known_hosts and ordered the host key algorithms to prefer it. This ordering step is only performed when the user has not specified their own HostKeyAlgorithms. Your config does, so you get the default set, with ssh-dss appended.
> debug2: local client KEXINIT proposal
> debug2: KEX algorithms:
> curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
> debug2: host key algorithms:
> ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,ssh-ed25519-cert-v01@xxxxxxxxxxx,rsa-sha2-512-cert-v01@xxxxxxxxxxx,rsa-sha2-256-cert-v01@xxxxxxxxxxx,ssh-rsa-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss

which prefers ECDSA.

As far as fixing this, you have a couple of options:

1) Learn the other hostkeys for your destination. You can do this automatically using ssh -oUpdateHostKeys=yes ... (this will become the default once I fix a few corner-cases). This will avoid host key warnings.

2) Explicitly list the host key algorithms for this destination. I.e. have a "HostKeyAlgorithms ssh-ed25519" under a "Host [whatever]" block in your config. I don't really recommend this.

3) Restrict the set of hosts that you are adding ssh-dss for. Instead of doing it for "Host *", only do it for the hosts that strictly need it. ssh-dss is a weak algorithm and is disabled for this reason. IMO this is the best solution.

Hope this helps,
Damien Miller

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
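The ordering behaviour described in the reply above, and why a user-set HostKeyAlgorithms skips it, modelled in Python as an added example (this is not OpenSSH's code). Assumptions: the obfuscated "@xxxxxxxxxxx" suffix is spelled out as @openssh.com, SAMPLE_KNOWN_HOSTS is a constructed file with a placeholder key blob, and known_hosts parsing covers plain and hashed names only (no @ markers, [host]:port forms or wildcards).

```python
import base64
import hashlib
import hmac

# Default client proposal in quoted debug-output order; "@xxxxxxxxxxx" spelled out as @openssh.com.
CERT = "-cert-v01@openssh.com"
PLAIN = ["ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
         "ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]
DEFAULT_HOSTKEYALGS = [p + CERT for p in PLAIN] + PLAIN

# Constructed sample known_hosts with one RSA entry; the key blob is a placeholder.
SAMPLE_KNOWN_HOSTS = "example.com,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed\n"

def alg_uses_keytype(alg, keytype):
    """True if `alg` is signed with a host key of known_hosts type `keytype`."""
    base = alg[:-len(CERT)] if alg.endswith(CERT) else alg
    if keytype == "ssh-rsa":  # one RSA key serves ssh-rsa and both rsa-sha2-* algs
        return base in ("ssh-rsa", "rsa-sha2-256", "rsa-sha2-512")
    return base == keytype

def hash_hostname(host, salt):
    """The |1|salt|hmac-sha1 name form OpenSSH writes when HashKnownHosts is on."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def known_key_types(known_hosts_text, host):
    """Key types recorded for `host`: plain or hashed names, no markers/ports/wildcards."""
    types = set()
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        names, keytype = fields[0], fields[1]
        if names.startswith("|1|"):
            salt = base64.b64decode(names.split("|")[2])
            matched = names == hash_hostname(host, salt)
        else:
            matched = host in names.split(",")
        if matched:
            types.add(keytype)
    return types

def order_hostkeyalgs(known_types, user_setting=None, default=DEFAULT_HOSTKEYALGS):
    """Prefer algs we hold a key for only when HostKeyAlgorithms is unset; '+x' appends."""
    if user_setting is None:
        preferred = [a for a in default if any(alg_uses_keytype(a, t) for t in known_types)]
        return preferred + [a for a in default if a not in preferred]
    if user_setting.startswith("+"):
        return list(default) + [a for a in user_setting[1:].split(",") if a not in default]
    return user_setting.split(",")
```

With the sample file, order_hostkeyalgs(known_key_types(SAMPLE_KNOWN_HOSTS, "example.com")) puts the six RSA algorithms first, in the same order as the quoted debug3 line, while passing user_setting="+ssh-dss" returns the untouched default with ssh-dss appended.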