=== modified file 'TODO'
--- TODO 2015-03-10 18:52:09 +0000
+++ TODO 2015-05-22 20:23:46 +0000
@@ -53,6 +53,9 @@
 ** TODO [#B] Work around Avahi issue
 Avahi does not announce link-local addresses if any global addresses exist: http://lists.freedesktop.org/archives/avahi/2010-March/001863.html
+** TODO [#B] --notify-command
+ This would allow the mandos.service to use
+ --notify-command="systemd-notify --pid READY=1"
 ** TODO [#B] Log level :BUGS:
 *** TODO /etc/mandos/clients.d/*.conf
 Watch this directory and add/remove/update clients?
=== modified file 'mandos-keygen'
--- mandos-keygen 2014-12-21 12:56:08 +0000
+++ mandos-keygen 2015-05-22 20:23:46 +0000
@@ -285,13 +285,19 @@
 esac
 if [ $SSH -eq 1 ]; then
- set +e
- ssh_fingerprint="`ssh-keyscan localhost 2>/dev/null`"
- if [ $? -ne 0 ]; then
- ssh_fingerprint=""
- fi
- set -e
- ssh_fingerprint="${ssh_fingerprint#localhost }"
+ for ssh_keytype in ed25519 rsa; do
+ set +e
+ ssh_fingerprint="`ssh-keyscan -t $ssh_keytype localhost 2>/dev/null`"
+ set -e
+ if [ $? -ne 0 ]; then
+ ssh_fingerprint=""
+ continue
+ fi
+ if [ -n "$ssh_fingerprint" ]; then
+ ssh_fingerprint="${ssh_fingerprint#localhost }"
+ break
+ fi
+ done
 fi
 # Import key into temporary key rings
@@ -363,7 +369,7 @@
 } }' < "$SECFILE"
 if [ -n "$ssh_fingerprint" ]; then
- echo 'checker = ssh-keyscan %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"'
+ echo 'checker = ssh-keyscan -t '"$ssh_keytype"' %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"'
 echo "ssh_fingerprint = ${ssh_fingerprint}"
 fi
 fi
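Review bot: In the new `for ssh_keytype in ed25519 rsa` loop of mandos-keygen, `set -e` now runs between the `ssh-keyscan` command substitution and `if [ $? -ne 0 ]`, so `$?` is the status of `set -e` (always 0) and the failure branch with its `continue` can never run. The removed code tested `$?` before re-enabling errexit; the new code only behaves correctly when a failed scan also prints nothing, and a scan that fails after emitting partial output would have that output written to the client config as `ssh_fingerprint`, the value the server-side checker later matches against. Save the status first: `ssh_status=$?` right after the assignment, then `set -e`, then `if [ $ssh_status -ne 0 ]; then`. A short comment above the loop saying that the first key type that returns a key is the one pinned into the generated `checker =` line (last hunk) would also help, since `$ssh_keytype` is reused there after the loop ends.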