[
https://issues.apache.org/jira/browse/SSHD-1255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17542152#comment-17542152
]
Thomas Wolf commented on SSHD-1255:
-----------------------------------
{quote}(I suppose if the last host key was not an RSA key, the assumption is
that the server will not offer an RSA key in key rotation.){quote}
Heh. Apparently other people noticed that too, and it got fixed:
https://bugzilla.mindrot.org/show_bug.cgi?id=3375
So the rule now is that the strongest RSA signature the client had proposed is
used, even if some other key type was negotiated in KEX.
> Support host key update and rotation in the client
> --------------------------------------------------
>
> Key: SSHD-1255
> URL: https://issues.apache.org/jira/browse/SSHD-1255
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 2.8.0
> Reporter: Thomas Wolf
> Priority: Major
>
> Add support for the {{hostkeys...@openssh.com}} and
> {{hostkeys-prove...@openssh.com}} KEX extensions, including updating
> {{known_hosts}}.
> See https://github.com/openssh/openssh-portable/blob/807be6868/PROTOCOL#L286 .
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
