Question about ssh-rsa deprecation notice (was: Announce: OpenSSH 8.2 released)
Jochen.Bern at binect.de
Sun Feb 23 13:34:36 AEDT 2020
On 02/23/2020 01:06 AM, Bob Proulx wrote:
> Clear enough. "ssh-rsa" is being deprecated. If we see "ssh-rsa"
> in our authorized_keys file we should migrate away from it. Gotcha.
> Hmm... "ssh-rsa" is okay if we are using other than SHA-1 signature
> hashes. Hmm... But, but, but... "ssh-rsa" is being deprecated! As
> stated just in the previous paragraph! Cognitive Dissonance!
> Could these statements be clarified for the poor feeble minded folks
I was confused in pretty much the same way - until I shoved a suitably
old RSA keypair onto a freshly installed machine and did an "ssh -vvv -i
> debug2: we sent a publickey packet, wait for reply
> debug3: sign_and_send_pubkey: signing using rsa-sha2-256
> debug3: send packet: type 50
> debug3: receive packet: type 52
> debug1: Authentication succeeded (publickey).
Then I ran "ssh-keygen -t rsa-sha2-256 ...", and lo:
> $ sed -e 's/ .* / ... /' .ssh/id_rsa.pub
> ssh-rsa ... Jochen.Bern at Binect.de
My conclusion (pending smiting by the actual experts on this list ;-) :
An RSA *keypair* is *just* RSA until the moment it gets used, while a
*certificate* is *signed in its creation*, which pinpoints a hash
function *therein* once and for all; note how the up-to-date ssh-keygen
manpage gives a list of keywords for the "-t" option that includes only
"rsa", and then continues to mention "rsa-sha2-256" and "rsa-sha2-512"
*for certificate creation*.
(I'm nonetheless urging the local users to create new *RSA and ed25519*
keypairs on this occasion, the latter as a failsafe if some then
"olden-style RSA" should one day go the way of sudden blacklisting, and
a new RSA keypair per my how-to so that they'll have one with *all
three* boosts to security (-b ... -a ... -m RFC4716).)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4278 bytes
Desc: S/MIME Cryptographic Signature
More information about the openssh-unix-dev