> If we are simply talking about ssh users ignoring fingerprint warnings then I don't see how this is an ssh weakness.

I didn't say it was an SSH weakness. I said that it was not "solved" problem in that most users I have seen completely ignore those warnings from SSH. So the problem persists even though SSH does it right.

With WebAuthn, the problem disappears. So that's an improvement for the users.

Don't get me wrong: I love SSH. I just think it's wrong to say that WebAuthn doesn't bring any kind of security to users.