"ssh -Q key" does not list rsa-sha2 algorithms

Darren Tucker dtucker at dtucker.net
Tue Jun 2 08:48:51 AEST 2020


On Tue, 2 Jun 2020 at 06:12, Christian Weisgerber <naddy at mips.inka.de> wrote:
> On 2020-06-01, Ethan Rahn <ethan.rahn at gmail.com> wrote:
>
> > With the upcoming deprecation of ssh-rsa I was trying to see what keys my
> > version of OpenSSH ( 7.8p1 ) supports. I noticed that "ssh -Q key" does not
> > actually list the suggested algorithms to transition to ( rsa-sha2-256 and
> > rsa-sha2-512 ) even though they are supported.
>
> "-Q key" are the supported key formats.  For the signature algorithms,
> you want "-Q sig".  This is documented in the man page.

In addition, from version 8.2 ssh -Q will also accept ssh_config
keywords and emit the formats or algorithms accepted by that keyword,
e.g.

$ ssh -V
OpenSSH_8.2p1, OpenSSL 1.1.1g FIPS  21 Apr 2020

$ ssh -Q PubkeyAcceptedKeyTypes
[...]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
[...]

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
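
The distinction discussed in this thread, as an added example that is not part of the original message: a POSIX shell check that asks a client for its RSA signature algorithms using the ssh_config keyword query first and "-Q sig" second, and refuses to draw a conclusion from "-Q key", which lists key formats only. The variable SSH_BIN and the function names pick_query and rsa_sig_status are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# SSH_BIN (assumed name) lets the client binary be swapped out for testing.
SSH_BIN=${SSH_BIN:-ssh}

# Print the first -Q query this client answers that reports signature
# algorithms. "-Q key" is deliberately not tried: it lists key formats,
# so rsa-sha2-256/512 never appear there even when they are supported.
pick_query() {
    for q in PubkeyAcceptedKeyTypes sig; do
        if "$SSH_BIN" -Q "$q" >/dev/null 2>&1; then
            echo "$q"
            return 0
        fi
    done
    return 1
}

# Classify RSA signature support as reported by the chosen query:
#   sha2          both rsa-sha2-256 and rsa-sha2-512 are listed
#   sha2-partial  only one of the two is listed
#   sha1-only     only ssh-rsa is listed
#   no-rsa        no RSA signature algorithm is listed
#   unknown       neither query is answered by this client
rsa_sig_status() {
    q=$(pick_query) || { echo "unknown"; return 1; }
    list=$("$SSH_BIN" -Q "$q") || return 1
    # Exact whole-line match so "ssh-rsa" does not match certificate names.
    has() { printf '%s\n' "$list" | grep -qx -- "$1"; }
    if has rsa-sha2-256 && has rsa-sha2-512; then
        s=sha2
    elif has rsa-sha2-256 || has rsa-sha2-512; then
        s=sha2-partial
    elif has ssh-rsa; then
        s=sha1-only
    else
        s=no-rsa
    fi
    echo "$q: $s"
}
```

Source the file and call rsa_sig_status; it prints the query it used followed by the classification.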


More information about the openssh-unix-dev mailing list