I'd like to change the default setting for HostKeyAlgorithms for all SSH connections to prefer ssh-ed25519 over ecdsa-sha2-nistp256. But I currently have ecdsa-sha2-nistp256 host keys for many hosts in my known_hosts file (about 70). When I connect to such a host with the new setting, I get the same message as if someone replaced the host key on that host:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:rqhdlN+Qe/GJeWoj3pyhLLSnzSCz68ZA7ds+mG4iZ7o.
Please contact your system administrator.
Add correct host key in [...]/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in [...]/.ssh/known_hosts:52
ED25519 host key for [...] has changed and you have requested strict checking.
Host key verification failed.
Now I would rather not have to remove all those hosts from my known_hosts file and accept the "new" ED25519 keys on the next connection. Rather, I'd like to have a way to continue with the existing contents of that file. Is there any way to do this? E.g. by falling back to the known host key even when it is not using the preferred algorithm. Or is there an automated way to replace all those entries?
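As an added example (not part of the original post), the following script shows one way to migrate such a known_hosts file without accepting the ED25519 keys on blind trust: it lists the entries that carry only an ecdsa-sha2-nistp256 key, and for each one reads the ED25519 public key over a session the client has already authenticated using the trusted ECDSA entry. It assumes unhashed host names in known_hosts and that the remote key file is /etc/ssh/ssh_host_ed25519_key.pub (a hypothetical layout); the sample known_hosts content is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. Migrates a known_hosts file from
# ecdsa-sha2-nistp256 to ssh-ed25519 without blindly trusting a scanned key: the
# ED25519 public key is read over a session the client has already authenticated
# with the trusted ECDSA entry. (OpenSSH's UpdateHostKeys option automates the
# same idea when the server supports it.) Assumes unhashed host names and that
# the remote key lives at /etc/ssh/ssh_host_ed25519_key.pub (hypothetical layout).

# Print host fields that have an ECDSA entry but no ED25519 entry.
hosts_needing_ed25519() {
  awk '
    $1 ~ /^[#@]/ { next }        # comments, @cert-authority and @revoked markers
    $2 == "ecdsa-sha2-nistp256" { ecdsa[$1] = 1 }
    $2 == "ssh-ed25519"         { ed[$1] = 1 }
    END { for (h in ecdsa) if (!(h in ed)) print h }
  ' "$1" | LC_ALL=C sort
}

# Convert a host field ("name,ip" or "[name]:port") into ssh arguments.
ssh_target() {
  name=${1%%,*}
  case $name in
    \[*\]:*) printf '%s %s %s' -p "${name##*:}" "$(printf '%s' "${name%%]*}" | cut -c2-)" ;;
    *)       printf '%s' "$name" ;;
  esac
}

# Fetch one host's ED25519 key over an ECDSA-authenticated session and record it.
fetch_ed25519_key() {
  host=$1; kh=$2
  key=$(ssh -o HostKeyAlgorithms=ecdsa-sha2-nistp256 -o StrictHostKeyChecking=yes \
            -o UserKnownHostsFile="$kh" -o BatchMode=yes $(ssh_target "$host") \
            cat /etc/ssh/ssh_host_ed25519_key.pub) || return 1
  printf '%s %s\n' "$host" "$key" >> "$kh"
}

# Constructed sample known_hosts (fake hosts and truncated fake keys).
SAMPLE_KH=$(mktemp)
cat > "$SAMPLE_KH" <<'EOF'
alpha.example ecdsa-sha2-nistp256 AAAAE2VjZHNhFAKEKEY1
bravo.example,192.0.2.10 ecdsa-sha2-nistp256 AAAAE2VjZHNhFAKEKEY2
bravo.example,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5FAKEKEY2
[charlie.example]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhFAKEKEY3
@cert-authority *.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5FAKECA
EOF

# Real use: for h in $(hosts_needing_ed25519 ~/.ssh/known_hosts); do fetch_ed25519_key "$h" ~/.ssh/known_hosts; done
hosts_needing_ed25519 "$SAMPLE_KH"
```

Once every listed host has an ED25519 line, the old ecdsa-sha2-nistp256 lines can be dropped and the preferred HostKeyAlgorithms setting no longer triggers the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning.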