I keep getting messages about SSH key mismatch for common-lisp.net. It seems that two SSH keys are being negotiated for my client where it isn’t clear which one is chosen:
148.251.248.130 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJi/0OMu3anrn4jRBQ0KumZUaIWLKb59q4egMU2ljgvBk7Fgvl3tcwphJzETqB0Rap0n8naR/pj5SDNzenjLgQo=
148.251.248.130 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1/IAysdjPDZvOfpFESxhhokPmPrXi2n3dy3HfWDe0mQvkki0cJYPwhsKDe28uIneMUOMWUYCDI6FD6/phLrQQww2K88SXs3hskj4ZWjwNz0UTaYBoutRc9KxIPC6/heglREC2JMrnQBVDqPoKQalt3JfU6rFA93kpzF/gEvQ/toEOVZi55KpKDzdd/gjPsUCKOzNxCptFkkkOsigeOfNgSu9J/ptrqseu3T0zJtCnuIudvkgRUj0RMVNBJ/UvvWb3XSCAVMkMtF8Ml7pRy3+JV1RCbwbgZZDchQnwsunIFXhc/hWUyCfsX4nmZgx1qPeGYmUdo/Un5QNT6MKyFrm1
And indeed file://common-lisp.net/etc/sshd_config lists three keys:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
I’m not familiar with this practice. What is the purpose of having multiple sshd keys? Shouldn’t we just pick the most secure kind of host key (probably ECDSA)?