Re: UpdateHostkeys now enabled by default

On Mon, 5 Oct 2020, Matthieu Herrb wrote:

> > If that fails then please send a debug trace from ssh ("ssh -vvv
> > ...")
> 
> Yes that works as expected in my tests. Thanks.
> 
> The problem is more that, in the default config, ssh is now refusing
> to connect when in addition to ecdsa keys there is already an ED25519
> key for the hashed host name, but no hash IP entry. The bare 8.4 ssh
> (from OpenBSD September 29 snapshot) does connect without asking in
> that situation.

I think it is because I just changed the preferred hostkey algorithm from
ECDSA to ED25519 and not because of the UpdateHostkeys.

Maybe CheckHostIP should be relaxed to not consider IP address lines in
known_hosts when the key type there is a lower priority algorithm than
the selected hostkey type. I need to think about it.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
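
An added example, not part of the original message and not OpenSSH code: a Python script that reads known_hosts lines, including hashed `|1|salt|hash` entries (HMAC-SHA1 of the host string, keyed with the salt), and reports key types recorded for a host name that have no matching entry under its IP address, which is the state described in the thread. The host name, IP address, salts and key blobs are constructed; wildcard patterns in plain entries are not handled.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def field_matches(field, host):
    """True if a known_hosts host field (hashed, or plain comma list) names host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, base64.b64decode(mac_b64))
    return host in field.split(",")  # exact names only, no pattern matching

def key_types(lines, host):
    """Set of key types recorded for host (a name or an IP address string)."""
    types = set()
    for line in lines:
        parts = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if field_matches(parts[0], host):
            types.add(parts[1])
    return types

def ip_lacks_name_types(lines, name, ip):
    """Key types known for name that have no entry under ip."""
    return sorted(key_types(lines, name) - key_types(lines, ip))

# Constructed sample: ECDSA recorded for name and IP, ED25519 for the name only.
NAME, IP = "host.example.org", "192.0.2.10"
SAMPLE = [
    hash_host(NAME, b"constructed-salt-001") + " ecdsa-sha2-nistp256 AAAAconstructedECDSA",
    hash_host(IP, b"constructed-salt-002") + " ecdsa-sha2-nistp256 AAAAconstructedECDSA",
    "# constructed comment line",
    hash_host(NAME, b"constructed-salt-003") + " ssh-ed25519 AAAAconstructedED25519",
]

if __name__ == "__main__":
    print("name:", sorted(key_types(SAMPLE, NAME)))
    print("ip:  ", sorted(key_types(SAMPLE, IP)))
    print("missing under IP:", ip_lacks_name_types(SAMPLE, NAME, IP))
```

To check a real file, pass its lines (for example `open(path).read().splitlines()`) together with the host name and address exactly as they were given to ssh.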


