@nprofile1q... Anyway, I am the sole admin, if somebody gets on my management network I have bigger problems, and I only plan to keep these switches in production-ish use for a few months before upgrading (they'll become lab sandboxes after that).

So it's not going to be that big a deal to add some ~/.ssh/config lines to force use of the RSA host key.

But it does raise questions about the firmware in general to say the least