The HPN patchset for openssh-portable was updated with b3f86656fc67 however when enabled it causes issues with ssh. When a user specifies a destination host that is not a fully qualified domain name (relying on the resolver search path to complete the hostname) ssh is unable to find SSHFP records (even when present) or known_host entries. For example, given a resolv.conf with: search freebsd.org Using the FQDN works as before: ice 146 % /usr/local/bin/ssh freefall.freebsd.org hostname freefall.freebsd.org But using just the hostname does not: ice 147 % /usr/local/bin/ssh freefall hostname The authenticity of host 'freefall (2610:1c1:1:6074::16:84)' can't be established. ED25519 key fingerprint is SHA256:oJ7FKX5UTBWP4CncsrsaIb1JbfbtqzKOMYni3oVLAo0. No matching host key fingerprint found in DNS. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])? In this case tcpdump shows that "freefall.freebsd.org" is used for the A and AAAA DNS lookups but "freefall." is queried when the SSHFP lookup happens. Rebuilding with HPN disable solves this.