Bug 1971

Summary: ssh-keyscan should default to ecdsa or ecdsa,rsa
Product: Portable OpenSSH Reporter: jay
Component: ssh-keyscanAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: normal CC: djm
Priority: P2    
Version: 5.9p1   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 1986    

Description jay 2012-01-11 05:11:12 AEDT 
Now that ssh defaults to preferring ECDSA keys, ssh-keyscan should default to looking for them.  Otherwise, naively following the 5.7 release notes and doing a keyscan on all your hosts is WORSE than ignoring the release notes; you've just created RSA keys for all your hosts, and if you  ssh to any host for which you don't already have an ECDSA key, you'll get the confusing

Warning: the ECDSA host key for 'www.example.com' differs from the key for the IP address '10.1.2.3'
Comment 1 Damien Miller 2012-04-11 23:34:40 AEST 
Fix applied - will be in OpenSSH 6.1
Comment 2 Damien Miller 2015-08-11 23:02:37 AEST 
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1