Question about ssh-rsa deprecation notice (was: Announce: OpenSSH 8.2 released)
Steffen Nurpmeso
steffen at sdaoden.eu
Tue Feb 25 04:31:00 AEDT 2020
Colin Watson wrote in
<20200223112808.GA22328 at riva.ucam.org>:
|On Sat, Feb 22, 2020 at 05:06:29PM -0700, Bob Proulx wrote:
|> Damien Miller wrote:
|>> Future deprecation notice
...
|No, the deprecation notice is talking about the key signature algorithm,
|not the key type. SSH clients and servers agree a key signature
|algorithm as part of their protocol negotiation. For RSA keys, all of
|"ssh-rsa", "rsa-sha2-256", and "rsa-sha2-512" exist, using SHA-1,
|SHA-256, and SHA-512 respectively as their hash algorithms.
|
|Unfortunately, the string "ssh-rsa" is used as both a key type name in
|authorized_keys and as a key signature algorithm name, which has caused
|a good deal of confusion with this deprecation notice, but the two
|aren't actually the same thing.
|
|My understanding is (and more knowledgeable people should correct me if
|I'm wrong) that this deprecation notice affects the following people:
...
Thank you for the above and the following list. It does not
affect me really, as I used "HostKeyAlgorithms ssh-rsa" and
IdentityFile for the few hosts that use RSA (even exclusively,
like elder Solaris installations I have access to), but
I obviously did not really understand what the RSA change meant.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
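
Added example (not part of the original thread, and not OpenSSH code): a short Python sketch of the distinction explained in the quoted text, separating "ssh-rsa" as a key type inside an authorized_keys blob from "ssh-rsa" as a signature algorithm named in client configuration. The key material, host names and config text are constructed samples; PubkeyAcceptedKeyTypes is included as the OpenSSH 8.2 option name and is not mentioned in the thread.

```python
import base64
import struct

# Hash used by each RSA signature algorithm name, per the quoted explanation.
RSA_SIG_HASH = {"ssh-rsa": "SHA-1", "rsa-sha2-256": "SHA-256", "rsa-sha2-512": "SHA-512"}
# Client options whose value is a list of signature algorithms (OpenSSH 8.2 names).
SIG_ALG_OPTIONS = ("hostkeyalgorithms", "pubkeyacceptedkeytypes")

def ssh_string(data: bytes) -> bytes:
    """SSH wire string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def key_type_of(key_line: str) -> str:
    """Key type embedded in the base64 blob of an option-free authorized_keys line."""
    label, blob_b64 = key_line.split()[:2]
    blob = base64.b64decode(blob_b64)
    (length,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + length].decode("ascii")
    if embedded != label:
        raise ValueError(f"label {label!r} does not match blob type {embedded!r}")
    return embedded

def sha1_signature_algs(config_text: str) -> list:
    """(option, algorithm) pairs where a config line selects a SHA-1 RSA signature."""
    hits = []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() in SIG_ALG_OPTIONS:
            for alg in parts[1].strip().lstrip("+-^").split(","):
                if RSA_SIG_HASH.get(alg.strip()) == "SHA-1":
                    hits.append((parts[0], alg.strip()))
    return hits

# Constructed sample data (not a real key): type string, exponent, dummy modulus.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 32)
SAMPLE_KEY_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@example"
# Constructed ssh_config; host names are hypothetical.
SAMPLE_CONFIG = """\
Host oldbox
    HostKeyAlgorithms ssh-rsa
    IdentityFile ~/.ssh/id_rsa
Host newbox
    HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256
"""

if __name__ == "__main__":
    key_type = key_type_of(SAMPLE_KEY_LINE)
    print("key type:", key_type, "-> usable with", ", ".join(RSA_SIG_HASH))
    for option, alg in sha1_signature_algs(SAMPLE_CONFIG):
        print(f"{option} names {alg}: signatures hashed with {RSA_SIG_HASH[alg]}")
```

The authorized_keys line is never flagged, because the string there is only the key type; the same string in an algorithm list selects the SHA-1 signature scheme.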