On Tue, 17 May 2011 21:14:59 +1000 (EST) Damien Miller wrote:
> If you are using recent OpenSSH (5.7+) then ssh will automatically
> prefer known host keys when connecting, so you should never be asked
> to learn a new hostkey type unless the old ones are no longer offered.
>
> If you prefer to use ECDSA keys, then you may like to copy them
> manually from the server or use ssh-keyscan (and check the
> fingerprints).

Fair enough, but if you only have an id_rsa in .ssh but know the RSA fingerprint then only an ECDSA fingerprint is offered by the server. If you have the ECDSA fingerprint and verify it manually but use an RSA key, I'm pretty sure you're not open to MITM? (4.9 Release both sides)
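
Added example, not part of the original thread: checking a host key line in the format ssh-keyscan prints against a fingerprint obtained out of band, as the quoted advice suggests. The host name and key blob are constructed placeholders (the blob holds dummy bytes, not a real key), and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data

# Constructed sample: a well-formed ECDSA blob with dummy point bytes, not a real host key.
SAMPLE_BLOB = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
               + ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_LINE = "server.example ecdsa-sha2-nistp256 " + base64.b64encode(SAMPLE_BLOB).decode()

def parse_keyscan_line(line: str):
    """Split a 'host keytype base64' line and check the type embedded in the blob."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if embedded != keytype:
        raise ValueError(f"line says {keytype}, blob contains {embedded}")
    return host, keytype, blob

def fingerprint(blob: bytes, algo: str = "sha256") -> str:
    """Fingerprint of a public key blob in the two formats ssh-keygen -l has used."""
    if algo == "md5":  # colon-separated hex, the format OpenSSH printed in 2011
        h = hashlib.md5(blob).hexdigest()
        return ":".join(h[i:i + 2] for i in range(0, len(h), 2))
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def verify_host_key(line: str, trusted_fp: str) -> bool:
    """True only if the scanned key hashes to the fingerprint obtained out of band."""
    _, _, blob = parse_keyscan_line(line)
    if trusted_fp.startswith("SHA256:"):
        actual, expected = fingerprint(blob, "sha256"), trusted_fp
    else:  # MD5 hex, with or without the "MD5:" prefix newer ssh-keygen prints
        expected = trusted_fp[4:] if trusted_fp.startswith("MD5:") else trusted_fp
        actual, expected = fingerprint(blob, "md5"), expected.lower()
    return hmac.compare_digest(actual.encode(), expected.encode())

if __name__ == "__main__":
    print(fingerprint(SAMPLE_BLOB, "md5"))
    print(fingerprint(SAMPLE_BLOB))
```

Only a line that passes the check should be appended to known_hosts; the trusted fingerprint has to come from the server's console or another channel that does not cross the network being checked.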