https://bugzilla.mindrot.org/show_bug.cgi?id=2673
--- Comment #4 from Darren Tucker <[email protected]> --- (In reply to George Shuklin from comment #3) [...] > Yes, there is a risk, but it's less than 'use -R every time'. Adding > additional keys is not default configuration, so unexpected users > wouldn't be affected. Some users will do insecure things but that doesn't mean we should weaken the host key checking for those who don't. > Is any reason why to have two different keys with different algo is > OK, but to have two different keys with same algo is not OK? It's an artefact of the way the host key matching works, not a deliberate feature. In recent versions of OpenSSH the server will inform the client of all of its host keys (via the "[email protected]" extension) and if the client wants to (via UpdateHostKeys) it will update the known_hosts file. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
