There probably is some MITM trick to force DSA. That will then indeed lead to a "host changed" warning in case the client has never used the dsa key before, so it probably won't hurt indeed.
But an option to disable it would be better. Kind of like the hostKeyType we have now :)

On Fri, Aug 23, 2013 at 8:36 PM, Eelco Dolstra <[email protected]> wrote:
> Hi,
>
> On 23/08/13 20:25, Mathijs Kwik wrote:
>
>> I currently only have an ecdsa host key and would like to keep it that way.
>> This patch would give me a dsa key too which I don't want.
>
> The ssh client prefers ECDSA host keys over DSA keys so I don't think this is a
> big deal. But we could have an option to enable/disable generation of DSA keys.
>
> --
> Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/

_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
