Bug#810546: openssh-client: hostkey verification fails checking/matching HostKeyAlgorithm; misreports offending HostKey
I can confirm this for openssh-client 1:7.4p1-10+deb9u1 on Stretch.
It also affects OpenSSH 7.4p1 on macOS, so I guess it really is an upstream
issue.
Furthermore, the ssh_config manpage says about `HostKeyAlgorithms`:
> [...],
> ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
> ssh-ed25519,ssh-rsa
>
> If hostkeys are known for the destination host then this default is
> modified to prefer their algorithms.
Reading this strictly, I assume "this default" only refers to the default value
stated before and the sentence does not apply with custom `HostKeyAlgorithms`.
There appears to be no option to also get the described behavior in that case.
Best regards,
Felix
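
Added example, not part of the original message and not OpenSSH code: one way to emulate the preference the manpage describes when a custom `HostKeyAlgorithms` list is in use is to reorder that list so algorithms with a key already in known_hosts come first. The host names, key blobs and function names are constructed; it matches only plain (unhashed, non-wildcard) host entries and assumes the known_hosts key type equals the algorithm name.

```python
# Constructed sample known_hosts content (key blobs are placeholders).
KNOWN_HOSTS = """\
# constructed sample entries
example.test,192.0.2.10 ssh-ed25519 AAAAC3-constructed-blob
other.test ssh-rsa AAAAB3-constructed-blob
|1|constructedsalt=|constructedhash= ecdsa-sha2-nistp256 AAAAE2-constructed-blob
@revoked example.test ssh-rsa AAAAB3-constructed-revoked
"""


def known_key_types(known_hosts_text, host):
    """Return key types recorded for `host`, in file order, without duplicates."""
    types = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank line, comment or malformed entry
        if fields[0].startswith("@"):
            continue  # @cert-authority / @revoked markers are not plain host keys
        hosts, keytype = fields[0], fields[1]
        if hosts.startswith("|1|"):
            continue  # hashed host names are not handled in this sketch
        if host in hosts.split(",") and keytype not in types:
            types.append(keytype)
    return types


def prefer_known(custom_algs, known_types):
    """Move algorithms with a known host key to the front, keeping relative order."""
    algs = [a for a in custom_algs.split(",") if a]
    known = [a for a in algs if a in known_types]
    rest = [a for a in algs if a not in known_types]
    return ",".join(known + rest)


def host_block(host, custom_algs, known_hosts_text=KNOWN_HOSTS):
    """Build an ssh_config Host block with the reordered custom list."""
    ordered = prefer_known(custom_algs, known_key_types(known_hosts_text, host))
    return "Host {}\n    HostKeyAlgorithms {}\n".format(host, ordered)


if __name__ == "__main__":
    print(host_block("example.test", "ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519"))
```
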