[Bug 1971] New: ssh-keyscan should default to ecdsa or ecdsa,rsa

bugzilla-daemon Tue, 10 Jan 2012 10:11:20 -0800

https://bugzilla.mindrot.org/show_bug.cgi?id=1971


             Bug #: 1971
           Summary: ssh-keyscan should default to ecdsa or ecdsa,rsa
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.9p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh-keyscan
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Now that ssh defaults to preferring ECDSA keys, ssh-keyscan should
default to looking for them.  Otherwise, naively following the 5.7
release notes and doing a keyscan on all your hosts is WORSE than
ignoring the release notes; you've just created RSA keys for all your
hosts, and if you  ssh to any host for which you don't already have an
ECDSA key, you'll get the confusing

Warning: the ECDSA host key for 'www.example.com' differs from the key
for the IP address '10.1.2.3'

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 1971] New: ssh-keyscan should default to ecdsa or ecdsa,rsa

Reply via email to