https://bugzilla.mindrot.org/show_bug.cgi?id=3219
--- Comment #2 from [email protected] ---

I am not sure what would be the use of multiple host keys of the same type if only one is offered at the same time. If the protocol doesn't allow retrying using a different host key, perhaps the server could refuse to start if given several host keys of the same type?

In either case, while it is possible to connect using different ECDSA keys, the algorithms must be specified explicitly. This seems to be due to the fact that, given an ECDSA key, `order_hostkeyalgs` in `sshconnect2.c` will return all ECDSA host key algorithms, including the ones incompatible with the key. This, in turn, seems to be due to the fact that OpenSSH considers the three ECDSA keys as being of the same type. Since you can't verify e.g. an ECDSA nistp521 signature using "ecdsa-sha2-nistp384", perhaps OpenSSH could view the ECDSA keys as different ones?
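The comment above notes that connecting with a particular ECDSA host key only works when the algorithm is specified explicitly. As an added example (not part of the original comment and not OpenSSH code), this Python code derives that explicit `HostKeyAlgorithms` value from the curve-specific ECDSA entries already pinned for a host in a known_hosts file. The sample entries, host names and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed known_hosts sample; the key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = """\
server.example,192.0.2.10 ecdsa-sha2-nistp521 AAAA_placeholder_p521
server.example ssh-ed25519 AAAA_placeholder_ed25519
*.lab.example ecdsa-sha2-nistp256 AAAA_placeholder_p256
@revoked server.example ecdsa-sha2-nistp384 AAAA_placeholder_p384
"""


def host_matches(field, host):
    """Match the first known_hosts field (plain patterns or |1| hashed form)."""
    if field.startswith("|1|"):
        # Hashed entry: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
    matched = False
    for pattern in field.split(","):
        negated = pattern.startswith("!")
        regex = re.escape(pattern.lstrip("!")).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, host):
            if negated:
                return False  # a negated match rejects the whole line
            matched = True
    return matched


def ecdsa_hostkey_algs(known_hosts_text, host):
    """Return the curve-specific ECDSA algorithms pinned for host, in file order."""
    algs = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # skip comments, blanks, @revoked and @cert-authority lines
        if host_matches(parts[0], host) and parts[1].startswith("ecdsa-sha2-"):
            if parts[1] not in algs:
                algs.append(parts[1])
    return algs


def hostkey_option(known_hosts_text, host):
    """Build the explicit ssh -o argument, or None if no ECDSA key is pinned."""
    algs = ecdsa_hostkey_algs(known_hosts_text, host)
    return "HostKeyAlgorithms=" + ",".join(algs) if algs else None
```

The returned string is meant to be passed as `ssh -o <value> host`, so the client requests only the ECDSA algorithm whose curve matches the key it has pinned.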
