According to https://r3-cev.atlassian.net/browse/CORDA-3550 the “KEEP” suggestion was accepted for HostKeyAlgorithms:
ecdsa-sha2-nistp256 / ecdsa-sha2-nistp384 / ecdsa-sha2-nistp521
However, the Corda shell always automatically replaces the manually generated ssh/hostkey.pem if it is not RSA.
1. Configure Corda node C4.4 or CE4.4 with sshd.port in node.conf.
2.Generate an ECDSA key (ssh/hostkey.pem ) using OpenSSL.
3. Start the node and try connecting using the ssh command.
4. Check ssh/hostkey.pem
The manually generated ECDSA key (ssh/hostkey.pem) was replaced by the RSA key in step 3.
Please also note that this behavior is not reflected in the official documentation (Node shell/Authentication).