cnst [cnst.su] writes:
OpenSSH developer Damien Miller wrote tomorrow [djm.net.au] from Down Under about a new feature he implemented and committed for the next upcoming 6.8 release of OpenSSH — hostkeys@openssh.com [bxr.su] — an OpenSSH extension to the SSH protocol for sshd to automatically send all of its public keys to the client [bxr.su], and for the client [bxr.su] to automatically replace all keys of such server [bxr.su] within ~/.ssh/known_hosts with the fresh copies as supplied (provided the server is trusted in the first place, of course). The protocol extension is simple enough, and is aimed to make it easier to switch over from DSA to the OpenSSL-free [soylentnews.org] Ed25519 [bxr.su] public keys [bxr.su]. It is also designed in such a way as to support the concept of spare host keys being stored offline, which could then seamlessly replace main active keys should they ever become compromised.
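The client-side rule described in the submission above (replace a server's known_hosts entries only when that server is already trusted), as an added Python sketch that is not OpenSSH's code and not part of the original submission. The function name `update_known_hosts`, the plain unhashed `host keytype blob` line format, the requirement that the advertised set contain the session key, and all key blobs are assumptions constructed for illustration.

```python
def update_known_hosts(text, host, session_key, advertised):
    """Model of a client handling a host-key advertisement.

    text        -- current known_hosts contents (unhashed entries assumed)
    session_key -- (keytype, blob) that authenticated this very session
    advertised  -- list of (keytype, blob) the server sent afterwards
    Returns the new file contents, or `text` unchanged if the update is refused.
    """
    advertised = list(dict.fromkeys(advertised))  # de-duplicate, keep order
    kept, have, trusted = [], set(), False
    for line in text.splitlines():
        fields = line.split()
        # Pass through blanks, comments and @cert-authority/@revoked markers.
        if len(fields) < 3 or fields[0][0] in "#@":
            kept.append(line)
            continue
        hosts, key = fields[0].split(","), (fields[1], fields[2])
        if host not in hosts:
            kept.append(line)  # entry for some other server
            continue
        trusted = trusted or key == session_key
        if key in advertised:
            kept.append(line)
            have.add(key)
        else:
            # Key no longer offered: drop this host from the entry, but keep
            # the line for any other names that share it.
            others = [h for h in hosts if h != host]
            if others:
                kept.append(" ".join([",".join(others)] + fields[1:]))
    # Refuse unless the session key was already on file for this host, and
    # (assumption of this sketch) is itself part of the advertised set.
    if not trusted or session_key not in advertised:
        return text
    kept += [f"{host} {t} {b}" for t, b in advertised if (t, b) not in have]
    return "\n".join(kept) + "\n"


# Constructed sample data: a server moving from DSA to Ed25519.
RSA = ("ssh-rsa", "AAAAB3-constructed-rsa")
ED = ("ssh-ed25519", "AAAAC3-constructed-ed25519")
KNOWN = (
    "# constructed sample\n"
    "example.org,192.0.2.10 ssh-dss AAAAB3-constructed-dsa\n"
    "example.org ssh-rsa AAAAB3-constructed-rsa\n"
    "other.example ssh-rsa AAAAB3-constructed-other\n"
)

if __name__ == "__main__":
    print(update_known_hosts(KNOWN, "example.org", RSA, [RSA, ED]), end="")
```

A session authenticated with a key that is not already on file leaves the file untouched, which is the "trusted in the first place" condition from the submission.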