Sorry to pick up this old topic

I ran into the same problem this week, except my known_hosts file 
contains ecdsa-sha2-nistp256 keys.
Since OpenSSH also determines the order of the host key algorithms by 
checking the known_hosts file, I would like you to reconsider adding such 
an algorithm.

Here is an extract of an OpenSSH debug log:

debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9p1 Ubuntu-2ubuntu0.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.10
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.10 pat OpenSSH_5* compat 
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to as 'git'
debug3: hostkeys_foreach: reading file "/home/yyyy/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file 
debug3: load_hostkeys: loaded 1 keys from
debug3: order_hostkeyalgs: prefer hostkeyalgs:,,,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received

I currently fixed this by setting the "server_host_key" config. 
Nevertheless, this is sub-optimal as I need to repeat this for every 
new project that uses JSch. It is prone to break if our IT department 
decides to change the host key algorithm.


