Question about ssh-rsa deprecation notice (was: Announce: OpenSSH 8.2 released)

Jochen Bern Jochen.Bern at
Sun Feb 23 13:34:36 AEDT 2020

On 02/23/2020 01:06 AM, Bob Proulx wrote:
> Clear enough.  "ssh-rsa" is being deprecated.  If we see "ssh-rsa"
> in our authorized_keys file we should migrate away from it.  Gotcha.
> Hmm...  "ssh-rsa" is okay if we are using other than SHA-1 signature
> hashes.  Hmm...  But, but, but...  "ssh-rsa" is being deprecated!  As
> stated just in the previous paragraph!  Cognitive Dissonance!
> Could these statements be clarified for the poor feeble minded folks

I was confused in pretty much the same way - until I shoved a suitably
old RSA keypair onto a freshly installed machine and did an "ssh -vvv -i
$THE_OLD_PRIVKEY localhost":

> debug2: we sent a publickey packet, wait for reply
> debug3: sign_and_send_pubkey: signing using rsa-sha2-256
> debug3: send packet: type 50
> debug3: receive packet: type 52
> debug1: Authentication succeeded (publickey).

Then I ran "ssh-keygen -t rsa-sha2-256 ...", and lo:

> $ sed -e 's/ .* / ... /' .ssh/ 
> ssh-rsa ... Jochen.Bern at

My conclusion (pending smiting by the actual experts on this list ;-) :
An RSA *keypair* is *just* RSA until the moment it gets used, while a
*certificate* is *signed in its creation*, which pinpoints a hash
function *therein* once and for all; note how the up-to-date ssh-keygen
manpage gives a list of keywords for the "-t" option that includes only
"rsa", and then continues to mention "rsa-sha2-256" and "rsa-sha2-512"
*for certificate creation*.

(I'm nonetheless urging the local users to create new *RSA and ed25519*
keypairs on this occasion, the latter as a failsafe if some then
"olden-style RSA" should one day go the way of sudden blacklisting, and
a new RSA keypair per my how-to so that they'll have one with *all
three* boosts to security (-b ... -a ... -m RFC4716).)

Kind regards,
Jochen Bern

Binect GmbH
Robert-Koch-Straße 9
64331 Weiterstadt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4278 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the openssh-unix-dev mailing list