

Host-key rotation in OpenSSH 6.8 - petrosagg
https://lwn.net/Articles/637156/

======
peterwwillis
I'm not sure I understand why this feature was added. Providing new keys - and
revoking them - already works using SSH's CA support:
[https://www.digitalocean.com/community/tutorials/how-to-crea...](https://www.digitalocean.com/community/tutorials/how-to-create-an-ssh-ca-to-validate-hosts-and-clients-with-ubuntu)

A client can verify new Host keys, and a server can verify new user keys, all
by checking if it's signed or revoked by the CA. This prevents a client from
receiving a host key generated by an attacker on a compromised host, and it
allows a server to authenticate clients even if they've never received the
client user's key.

If this functionality is used properly, it should be _more_ secure than the
new feature mentioned above. The only advantage the new feature has is it'll
work with clients that support the new feature without having to modify their
configuration (but it still doesn't provide all the features or security the
CA provides).

~~~
petrosagg
I think the main problem is that there are a lot of SSH servers already
deployed without using the CA approach and migrating HostKeys is a pain
without causing horrible warnings to the clients.

Take GitHub for example. If this feature was mainstream they would be able to
phase out their DSA key without people noticing.
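
An added example, not part of either comment above and not OpenSSH's own code: the CA-based approach from the first comment, showing that a rotated host key needs no client-side change when the client trusts the CA rather than a pinned key. The CA comment, hostnames, key names and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed names throughout: example_ca, *.example.com, host_old, host_new.

# Create a CA key pair and the one known_hosts line a client needs to trust it.
make_ca() {  # $1 = work dir
  ssh-keygen -q -t ed25519 -N '' -C example_ca -f "$1/ca" || return 1
  printf '@cert-authority *.example.com %s\n' "$(cat "$1/ca.pub")" > "$1/known_hosts"
}

# Generate a host key and sign it as a host certificate (-h) valid for 52 weeks.
issue_host_cert() {  # $1 = work dir, $2 = key name, $3 = hostname principal
  ssh-keygen -q -t ed25519 -N '' -f "$1/$2" || return 1
  ssh-keygen -q -s "$1/ca" -h -I "$2" -n "$3" -V +52w "$1/$2.pub"
}

# Compare the certificate's "Signing CA" fingerprint with the trusted CA key.
# This is an inspection aid; ssh itself verifies the signature when connecting.
signed_by_trusted_ca() {  # $1 = work dir, $2 = key name
  local trusted signer
  trusted=$(ssh-keygen -l -f "$1/ca.pub" | awk '{print $2}')
  signer=$(ssh-keygen -L -f "$1/$2-cert.pub" | awk '/Signing CA:/ {print $4}')
  [ -n "$signer" ] && [ "$trusted" = "$signer" ]
}

# Mark a retired host key as revoked so clients refuse it even though it was signed.
revoke_host_key() {  # $1 = work dir, $2 = key name
  printf '@revoked * %s\n' "$(cat "$1/$2.pub")" >> "$1/known_hosts"
}

# Rotation: issue a second certificate from the same CA, then revoke the old key.
rotation_demo() {
  local dir; dir=$(mktemp -d) || return 1
  make_ca "$dir" && issue_host_cert "$dir" host_old host.example.com &&
    issue_host_cert "$dir" host_new host.example.com &&
    signed_by_trusted_ca "$dir" host_new && revoke_host_key "$dir" host_old &&
    cat "$dir/known_hosts"   # one @cert-authority line plus one @revoked line
  rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then rotation_demo; fi
```

Run the script with the argument `demo` to see the resulting known_hosts; the server side would additionally point `HostCertificate` in sshd_config at the new `-cert.pub` file.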

