16.04: No ECDSA host key is known for XXXXX and you have requested strict checking.

Josef Wolf jw at raven.inka.de
Sun Jul 24 20:50:03 UTC 2016


On Sun, Jul 24, 2016 at 04:37:50PM -0400, Tom H wrote:
> On Sun, Jul 24, 2016 at 5:21 AM, Josef Wolf <jw at raven.inka.de> wrote:
> >
> > when connecting from machines with older ssh releases, I get the error
> > mentioned in the subject.
> >
> > I have abandoned DSA keys because they can easily be compromised. ECDSA is
> > said to have similar weaknesses as DSA.
> >
> > I understand that ec25519 is too new for older clients. But why won't they fall
> > back to the RSA key that is also available?
> 
> Don't you need both keys in known_hosts for a fallback?
> 
> Get the public keys with "ssh-keyscan old-server-ip-address" and add
> the one that you want to use to "~/.ssh/known_hosts"

I HAVE both keys in known_hosts. But it seems to ignore the rsa key. The
ec25519 is not supported by old ssh versions. Instead of falling back to RSA,
ssh errors out with "no ECDSA key known"

-- 
Josef Wolf
jw at raven.inka.de



