Two ssh keys for common-lisp.net?

Mark Evenson evenson at panix.com
Mon Mar 16 09:30:40 UTC 2015


I keep getting messages about SSH key mismatch for common-lisp.net.  It seems that two SSH keys are being negotiated for my client where it isn’t clear which one is chosen:

148.251.248.130 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJi/0OMu3anrn4jRBQ0KumZUaIWLKb59q4egMU2ljgvBk7Fgvl3tcwphJzETqB0Rap0n8naR/pj5SDNzenjLgQo=
148.251.248.130 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1/IAysdjPDZvOfpFESxhhokPmPrXi2n3dy3HfWDe0mQvkki0cJYPwhsKDe28uIneMUOMWUYCDI6FD6/phLrQQww2K88SXs3hskj4ZWjwNz0UTaYBoutRc9KxIPC6/heglREC2JMrnQBVDqPoKQalt3JfU6rFA93kpzF/gEvQ/toEOVZi55KpKDzdd/gjPsUCKOzNxCptFkkkOsigeOfNgSu9J/ptrqseu3T0zJtCnuIudvkgRUj0RMVNBJ/UvvWb3XSCAVMkMtF8Ml7pRy3+JV1RCbwbgZZDchQnwsunIFXhc/hWUyCfsX4nmZgx1qPeGYmUdo/Un5QNT6MKyFrm1

And indeed <file://common-lisp.net/etc/sshd_config> lists three keys:

HostKey /etc/ssh/ssh_host_rsa_key                                                                                                                                                            
HostKey /etc/ssh/ssh_host_dsa_key                                                                                                                                                            
HostKey /etc/ssh/ssh_host_ecdsa_key                                                                                                                                                          

I’m not familiar with this practice.  What is the purpose of having multiple sshd keys?  Shouldn’t we just pick the most secure kind of host key (probably ECDSA)?

-- 
"A screaming comes across the sky.  It has happened before but there is nothing 
to compare to it now."









More information about the clo-devel mailing list