bugzilla-daemon at bugzilla.mindrot.org
2012-Jan-10 18:11 UTC
[Bug 1971] New: ssh-keyscan should default to ecdsa or ecdsa,rsa
https://bugzilla.mindrot.org/show_bug.cgi?id=1971
Bug #: 1971
Summary: ssh-keyscan should default to ecdsa or ecdsa,rsa
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh-keyscan
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: jay at jay.fm
Now that ssh defaults to preferring ECDSA keys, ssh-keyscan should
default to looking for them. Otherwise, naively following the 5.7
release notes and doing a keyscan on all your hosts is WORSE than
ignoring the release notes; you've just created RSA keys for all your
hosts, and if you ssh to any host for which you don't already have an
ECDSA key, you'll get the confusing
Warning: the ECDSA host key for 'www.example.com' differs from the key
for the IP address '10.1.2.3'
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Apr-11 13:34 UTC
[Bug 1971] ssh-keyscan should default to ecdsa or ecdsa,rsa
https://bugzilla.mindrot.org/show_bug.cgi?id=1971
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Blocks| |1986
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #1 from Damien Miller <djm at mindrot.org> 2012-04-11 23:34:40
EST ---
Fix applied - will be in OpenSSH 6.1
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.