OpenSSH Will Feature Key Discovery and Rotation For Easier Switching To Ed25519
ConstantineM writes: OpenSSH developer Damien Miller has posted about a new feature he implemented and committed for the next upcoming 6.8 release of OpenSSH — hostkeys@openssh.com — an OpenSSH extension to the SSH protocol for sshd to automatically send all of its public keys to the client, and for the client to automatically replace all keys of such server within ~/.ssh/known_hosts with the fresh copies as supplied (provided the server is trusted in the first place, of course). The protocol extension is simple enough, and is aimed to make it easier to switch over from DSA to the OpenSSL-free Ed25519 public keys. It is also designed in such a way as to support the concept of spare host keys being stored offline, which could then seamlessly replace main active keys should they ever become compromised.
Yeah, but it's also easier to compromise a host, send out fake server keys, and then patch things up so the server looks fine again but intercept targeted clients. Even if the server would push out only its current whitelisted keys and they completely replaced known_hosts, users who are already MitM'd wouldn't see that until they can establish a connection to the real server, which they might not even trust anymore due to known_hosts being changed by the MitM. In short, it sounds dangerous. By all means sign the Ed25519 keys with existing trusted keys, but don't just overwrite anything.
Although, in hindsight - you've already authenticated the server, so you are going to treat it as a trusted party anyway...
Agreed, but *I* would still like to be prompted anyways. The same way when it comes to things like Windows or app "automatic updates" I always pick the "notify me, but don't download/update without asking" option. I like to *know* what's happening to my systems, and have the option to say NO, even if it's probably unlikely.
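The known_hosts replacement described in the summary, with the confirmation step asked for in the last comment, modelled as an added example (this is not OpenSSH code and not from any poster in the thread). The function names, the simplified unhashed `host keytype key` format and the placeholder key strings are assumptions made for illustration.

```python
# Illustrative model of a client-side known_hosts update; not OpenSSH code.
# Assumes plain (unhashed) single-host entries: "host keytype base64key".
# Comment and marker lines are skipped and are not preserved on rewrite.

def parse_known_hosts(text):
    """Return a list of (host, keytype, key) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not line.lstrip().startswith(("#", "@")):
            entries.append((fields[0], fields[1], fields[2]))
    return entries

def plan_update(entries, host, session_key, offered):
    """Compute (to_add, to_remove) for `host`.

    session_key: (keytype, key) that authenticated the server this session.
    offered: set of (keytype, key) the server sent after authentication.
    Nothing is planned unless session_key was already trusted for the host.
    """
    current = {(t, k) for h, t, k in entries if h == host}
    if session_key not in current:
        return set(), set()
    return offered - current, current - offered

def apply_update(text, host, session_key, offered, confirm):
    """Rewrite the entries for `host` only if confirm(to_add, to_remove) agrees."""
    entries = parse_known_hosts(text)
    to_add, to_remove = plan_update(entries, host, session_key, offered)
    if not (to_add or to_remove) or not confirm(to_add, to_remove):
        return text
    kept = [e for e in entries
            if not (e[0] == host and (e[1], e[2]) in to_remove)]
    kept += [(host, t, k) for t, k in sorted(to_add)]
    return "".join(f"{h} {t} {k}\n" for h, t, k in kept)

# Constructed sample data; the key strings are placeholders, not real keys.
DSA = ("ssh-dss", "AAAA_DSA_OLD")
ED = ("ssh-ed25519", "AAAA_ED_NEW")
KNOWN = "example.org ssh-dss AAAA_DSA_OLD\nother.net ssh-rsa AAAA_RSA_OTHER\n"
OFFERED_PHASE1 = {DSA, ED}   # server still holds the old key and adds the new one
OFFERED_PHASE2 = {ED}        # server has retired the old key

if __name__ == "__main__":
    step1 = apply_update(KNOWN, "example.org", DSA, OFFERED_PHASE1, lambda a, r: True)
    print(apply_update(step1, "example.org", ED, OFFERED_PHASE2, lambda a, r: True))
```

Passing a `confirm` callback that asks the user gives the "notify me first" behaviour; a callback that always returns `False` leaves the file untouched.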