Call for testing: OpenSSH 8.2

Phil Pennock phil.pennock at
Thu Feb 6 15:15:13 AEDT 2020

On 2020-02-06 at 14:41 +1100, Damien Miller wrote:
> No, sorry - the rules evaluation is enough of a mess without adding
> more corner cases where first-match-doesn't-always-win...

Fair.  Thanks for the feedback. :)

> I don't think that is correct. Host legacy won't have ssh-dss enabled
> because that isn't in the default set of algs to begin with.

Ugh.  Okay, bad example, sorry.  I should have stuck to what I'm
actually using.  For $reasons, I'm disabling all RSA by default,
sticking to ECC for pubkey usage in SSH.  I re-enable it where needed
for some hosts.  Legacy was my euphemism for "no ECC".

  Host legacy
    HostKeyAlgorithms +rsa-sha2-256,rsa-sha2-512
  Host *
    HostKeyAlgorithms -ssh-rsa*,ssh-dss*,rsa-sha*

This will re-enable ssh-rsa for host legacy.

Since HostKeyAlgorithms takes a single list, which can take a single
+/-/^ at the start, we can't use pairs where we add some and remove
others.  So at present, doing calculations to get the correct list is
more fragile using +/- syntax than is a complete enumeration.

It's manageable, with careful comments, it's just not pretty; I don't
hard-code to what they _currently_ send because I want to benefit when
they upgrade, so:

  # 2020-02-05: Their offer: ssh-dss,rsa-sha2-512,rsa-sha2-256,ssh-rsa
  # Public service with no certificate authority.
  # ssh -Q key-sig | grep -v cert-v | grep -Ev '^ssh-(rsa|dss)' | tr $'\n' , | sed s/,\$// ; echo
  HostKeyAlgorithms ssh-ed25519,sk-ssh-ed25519 at,rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256 at

FWIW, while has updated to allow rsa-sha2-* algorithms,
very public hosts which will currently cause people pain because they
only allow ssh-rsa include:

 *   (also ssh-dss)
 * AWS codecommit hosts (at least, the one I touch)


More information about the openssh-unix-dev mailing list