[Bug 3253] New: ssh-keygen man page still lists deprecated key types for -t
bugzilla-daemon at mindrot.org
Tue Jan 19 03:46:02 AEDT 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3253
Bug ID: 3253
Summary: ssh-keygen man page still lists deprecated key types for -t
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: Markus.Kuhn at cl.cam.ac.uk
The man page ssh-keygen.1 still lists for option "-t" only the possible
values
    dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
However, the first of these ("dsa" generating an "ssh-dss" key) is
already disabled, the last of these (rsa) seems scheduled to be
disabled, and many newer key types are missing.
In comparison, the default list of acceptable keytypes for publickey
authentication is given in sshd_config.5 under option
PubkeyAcceptedKeyTypes as
    ssh-ed25519-cert-v01@openssh.com,
    ecdsa-sha2-nistp256-cert-v01@openssh.com,
    ecdsa-sha2-nistp384-cert-v01@openssh.com,
    ecdsa-sha2-nistp521-cert-v01@openssh.com,
    sk-ssh-ed25519-cert-v01@openssh.com,
    sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
    rsa-sha2-512-cert-v01@openssh.com,
    rsa-sha2-256-cert-v01@openssh.com,
    ssh-rsa-cert-v01@openssh.com,
    ssh-ed25519,
    ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
    sk-ssh-ed25519@openssh.com,
    sk-ecdsa-sha2-nistp256@openssh.com,
    rsa-sha2-512,rsa-sha2-256,ssh-rsa
Please update the list of available values after -t in ssh-keygen.1.