Call for testing: OpenSSH 8.2

Phil Pennock phil.pennock at
Thu Feb 6 13:00:49 AEDT 2020

On 2020-02-05 at 20:39 -0500, Phil Pennock wrote:
> On 2020-02-06 at 10:29 +1100, Damien Miller wrote:
> > OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This is a feature release.
> >  * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These

> This actually affects me: has very limited HostKeyAlgorithms
> advertised and my attempts to filter acceptable algorithms are based
> around lines from `ssh -Q key` (since before the newer - support for
> filtering) so I've been re-enabling ssh-rsa for, missing that
> there was another option.  I think I've stopped using clients old enough
> to not have -tag support for this option, so I'll switch over away from
> explicit enumeration.

Rediscovered part of why I was doing this: HostKeyAlgorithms is not
cumulative across rules, instead still being the "first match", even
when subsequent entries start with "+" or "-".

IMO the easiest way for people to safely test and discover what works
still is to have ssh config which looks like:

  Host *
    HostKeyAlgorithms -ssh-rsa*,ssh-dss*

  Host legacy
    HostKeyAlgorithms +ssh-rsa

Is changing to support this, as long as subsequent rules start +/-,
something sufficiently compatible that you'd consider it?

Yes, we can put the "HostKeyAlgorithms -ssh-rsa*,ssh-dss*" at the end of
the file, but then every host where we explicitly enable ssh-rsa, we
then have to also re-disable the things we don't intend to re-enable.

So I contend that the behavior of this is only obvious to OpenSSH
experts and it will cause me pain helping folks:

  Host legacy
    HostKeyAlgorithms +ssh-rsa
  Host *
    HostKeyAlgorithms -ssh-rsa*,ssh-dss*

  # net result: host legacy has ssh-dss* algorithms enabled, plus any
  # ssh-rsa* glob matches beyond ssh-rsa itself


More information about the openssh-unix-dev mailing list