Damien Miller djm at
Thu Apr 6 08:29:10 AEST 2017

On Wed, 5 Apr 2017, Jakub Jelen wrote:

> Disabling SHA-1 for signatures sounds like a good idea these days (and was the
> main reason why the extension was created, if I read it right [1]).
> This leaves me confused whether the use case without SHA1 was missed from the
> draft or was left as an implementation detail that was not implemented in
> OpenSSH.

The reasons we didn't implement disabling RSA/SHA1 were basically:

1) The protocol extension used to negotiate the RSA/SHA2 methods is still
   an early draft and is subject to change
2) Hardly any other implementations support the necessary extension.
3) Support for RSA/SHA2 signatures is still incomplete, e.g. they aren't
   usable with PKCS#11 tokens yet.

IMO users who want a stronger signature hash algorithm should use ed25519
or one of the ECDSA methods for the time being. All of these use SHA2 hashes.
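The negotiation Damien refers to is the server-sig-algs extension carried in SSH_MSG_EXT_INFO (the curdle draft that later became RFC 8308): only if the server advertises it can a client safely use rsa-sha2-256/512 with an RSA key, otherwise it must fall back to ssh-rsa (SHA-1). As an added example, not code from the thread or from OpenSSH, the following Python encodes and parses that message with constructed data and shows the consequence for a client policy that refuses SHA-1.

```python
import struct
from typing import Optional

SSH_MSG_EXT_INFO = 7  # message number from the ext-info draft / RFC 8308

def _string(b: bytes) -> bytes:
    """SSH 'string' wire type: uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def build_ext_info(extensions: dict) -> bytes:
    """Encode SSH_MSG_EXT_INFO: byte type, uint32 nr-extensions, (string name, string value)*."""
    out = struct.pack(">BI", SSH_MSG_EXT_INFO, len(extensions))
    for name, value in extensions.items():
        out += _string(name.encode()) + _string(value.encode())
    return out

def parse_ext_info(body: bytes) -> dict:
    """Decode the message back into {extension-name: value}."""
    if not body or body[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO message")
    (count,) = struct.unpack(">I", body[1:5])
    pos, exts = 5, {}
    for _ in range(count):
        fields = []
        for _ in range(2):  # name, then value
            (n,) = struct.unpack(">I", body[pos:pos + 4])
            fields.append(body[pos + 4:pos + 4 + n].decode())
            pos += 4 + n
        exts[fields[0]] = fields[1]
    return exts

# Client preference, strongest first; ssh-rsa is the SHA-1 method.
CLIENT_PREFERENCE = ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"]

def choose_rsa_sig_alg(ext_info: Optional[bytes], allow_sha1: bool = True) -> Optional[str]:
    """Pick the signature algorithm to use with an RSA key, or None if no acceptable one exists.

    Without server-sig-algs the client cannot know the server accepts rsa-sha2-*,
    so the only safe choice is ssh-rsa; a client that has disabled SHA-1 is stuck.
    """
    offered = None
    if ext_info is not None:
        algs = parse_ext_info(ext_info).get("server-sig-algs")
        if algs is not None:
            offered = set(algs.split(","))
    if offered is None:
        return "ssh-rsa" if allow_sha1 else None
    for alg in CLIENT_PREFERENCE:
        if alg == "ssh-rsa" and not allow_sha1:
            continue
        if alg in offered:
            return alg
    return None
```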
