Package: openssh-client
Version: 1:7.1p1-5
Severity: normal

when connecting to a host A with an entry for a HostKeyAlgorithm-B-type HostKey in known_hosts and a HostKey with algorithm C!=B selected by the client from A's offered pubkeys, ssh reports

> ssh -o HostKeyAlgorithms=ssh-rsa ccczh.ch
> ...
> REMOTE HOST IDENTIFICATION HAS CHANGED!
> ...
> The fingerprint for the RSA key sent by the remote host is
> SHA256:BviBuxAuM8oiZQkw4xL128LRz/zfp0aozZK57t8MFxw.
> ...
> Offending ED25519 key in /home/arian-debian/.ssh/known_hosts:329

here B=ssh-ed25519, C=ssh-rsa

ssh checks whether the selected sent key matches the known_hosts' pubkey, but fails to take HostKeyAlgorithm into account (does not check for B==C).

As long as algorithm B is in the client's HostKeyAlgorithms, ssh should IMO use the known_hosts' pubkey (and maybe offer to insert the new preferred HostKey acquired over the authenticated channel into known_hosts).

In any case, the message displayed by ssh is wrong - A still offers an unchanged, known, and supported by HostKeyAlgorithms pubkey.

This hinders upgrade to better crypto when either hosts learn to support better crypto or HostKeyAlgorithms is changed to prefer or drop algorithms.

this bug probably affects upstream, but I did not check, therefore I did not set the upstream tag

MWE: ssh -o HostKeyAlgorithms=C localhost with C!=B

#626864 may be a description of this bug (near-duplicate) but lacks reason

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages openssh-client depends on:
ii  adduser           3.113+nmu3
ii  dpkg              1.18.4
ii  libc6             2.21-6
ii  libedit2          3.1-20150325-1+b1
ii  libgssapi-krb5-2  1.13.2+dfsg-4
ii  libselinux1       2.4-3
ii  libssl1.0.2       1.0.2e-1
ii  passwd            1:4.2-3.1
ii  zlib1g            1:1.2.8.dfsg-2+b1

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.9-1

Versions of packages openssh-client suggests:
pn  keychain      <none>
pn  libpam-ssh    <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>

-- no debconf information
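
An added example, not part of the original report and not OpenSSH code: a Python check that reads known_hosts text and tells whether, for a given HostKeyAlgorithms value, a host has a stored key of a requested type or only keys of other types (the B != C case described in the report). The host names, key blobs, salt and result labels are constructed for illustration; only exact host names and hashed (HashKnownHosts) entries are matched, not wildcards, negation or [host]:port forms.

```python
import base64
import hashlib
import hmac

# Signature algorithms whose keys are stored under a different key type name.
KEY_TYPE_OF = {"rsa-sha2-256": "ssh-rsa", "rsa-sha2-512": "ssh-rsa"}

def hashed_name(host, salt):
    """Build a hashed known_hosts field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """Match the first known_hosts field against an exact host name."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hashed_name(host, salt) == field
    return host in field.split(",")

def stored_key_types(known_hosts_text, host):
    types = set()
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # blank line, comment, or @cert-authority/@revoked marker line
        if host_matches(parts[0], host):
            types.add(parts[1])
    return types

def check(known_hosts_text, host, host_key_algorithms):
    """Classify what a host key comparison can mean under this algorithm list."""
    stored = stored_key_types(known_hosts_text, host)
    wanted = {KEY_TYPE_OF.get(a, a) for a in host_key_algorithms.split(",")}
    if not stored:
        return "unknown-host"
    if stored & wanted:
        return "comparable"      # a stored key of a requested type exists
    return "type-mismatch"       # only other key types are stored (B != C)

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "a.example ssh-ed25519 AAAAC3-PLACEHOLDER",
    "b.example,192.0.2.7 ssh-rsa AAAAB3-PLACEHOLDER",
    hashed_name("c.example", b"constructed-salt") + " ssh-ed25519 AAAAC3-PLACEHOLDER",
])
```

A "type-mismatch" result for a host means a warning seen under that HostKeyAlgorithms value cannot be read as proof that the stored key changed, so the offered key's fingerprint still has to be verified out of band before it is accepted.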