Client not requesting RSA key when in known_hosts
Hi Roumen,

When using OpenSSH, when I have an RSA key in known_hosts and I connect to a server, the client should request the RSA key as preference when replacing old keys. This looks to have been added in OpenSSH 5.7 to prevent warnings when the server prefers to send ECDSA keys.
When using PKIX-SSH, I have found that when connecting to a server that has both RSA and ECDSA keys, the client is not properly asking for the RSA key as would be indicated by the key in known_hosts. As a result, the ECDSA key is returned. Since I have strict hostkey checking on, receiving the ECDSA key causes connection termination.
Is this an intended change from OpenSSH behavior or an unintended side effect of the additional capabilities in PKIX-SSH?
Thank you,
Alex
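
The reordering described in the message above, sketched as an added example (not code from OpenSSH, PKIX-SSH, or the original poster): it reads a known_hosts file, including hashed host entries, and moves the algorithms for which a key is already stored to the front of the client's preference list. The default list, host names, and key blobs are constructed, and key type names are treated as algorithm names, which is a simplification.

```python
import base64
import hashlib
import hmac

# Constructed preference list for this example (an assumption, not any client's default).
DEFAULT_ALGS = ["ecdsa-sha2-nistp256", "ssh-ed25519", "ssh-rsa"]

def hash_host(host, salt):
    """Build a hashed known_hosts host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """Match a host field, hashed or a comma list of exact names (no wildcards, no ports)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")

def known_key_types(known_hosts_text, host):
    """Return the key types recorded for host, in file order."""
    types = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments, and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        if host_matches(fields[0], host) and fields[1] not in types:
            types.append(fields[1])
    return types

def order_hostkey_algs(known_hosts_text, host, defaults=DEFAULT_ALGS):
    """Move algorithms with a stored key for host to the front, keeping relative order."""
    known = known_key_types(known_hosts_text, host)
    return ",".join([a for a in defaults if a in known] + [a for a in defaults if a not in known])

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "server.example,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAA",
    hash_host("hashed.example", b"constructed-salt-20b") + " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA",
])

if __name__ == "__main__":
    for h in ("server.example", "hashed.example", "unknown.example"):
        print(h, "->", order_hostkey_algs(SAMPLE, h))
```

The returned string is in the comma-separated form that the `HostKeyAlgorithms` option of ssh_config accepts.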