bugzilla-daemon at bugzilla.mindrot.org
2012-Jan-10 18:11 UTC
[Bug 1971] New: ssh-keyscan should default to ecdsa or ecdsa,rsa
https://bugzilla.mindrot.org/show_bug.cgi?id=1971 Bug #: 1971 Summary: ssh-keyscan should default to ecdsa or ecdsa,rsa Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-keyscan AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jay at jay.fm Now that ssh defaults to preferring ECDSA keys, ssh-keyscan should default to looking for them. Otherwise, naively following the 5.7 release notes and doing a keyscan on all your hosts is WORSE than ignoring the release notes; you've just created RSA keys for all your hosts, and if you ssh to any host for which you don't already have an ECDSA key, you'll get the confusing Warning: the ECDSA host key for 'www.example.com' differs from the key for the IP address '10.1.2.3' -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Apr-11 13:34 UTC
[Bug 1971] ssh-keyscan should default to ecdsa or ecdsa,rsa
https://bugzilla.mindrot.org/show_bug.cgi?id=1971 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Blocks| |1986 Status|NEW |RESOLVED Resolution| |FIXED --- Comment #1 from Damien Miller <djm at mindrot.org> 2012-04-11 23:34:40 EST --- Fix applied - will be in OpenSSH 6.1 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.