"ssh -Q key" does not list rsa-sha2 algorithms
Ethan Rahn
ethan.rahn at gmail.com
Tue Jun 2 09:26:50 AEST 2020
Thank you both for the clarifications. I notice that OpenSSH 7.8 does not
support "ssh -Q sig" either.
I think it's great that later versions of OpenSSH will support easier ways
of querying possible options to understand what is supported in the
compiled code.
Cheers,
Ethan
On Mon, Jun 1, 2020 at 3:49 PM Darren Tucker <dtucker at dtucker.net> wrote:
> On Tue, 2 Jun 2020 at 06:12, Christian Weisgerber <naddy at mips.inka.de> wrote:
> > On 2020-06-01, Ethan Rahn <ethan.rahn at gmail.com> wrote:
> >
> > > With the upcoming deprecation of ssh-rsa I was trying to see what keys my
> > > version of OpenSSH ( 7.8p1 ) supports. I noticed that "ssh -Q key" does not
> > > actually list the suggested algorithms to transition to ( rsa-sha2-256 and
> > > rsa-sha2-512 ) even though they are supported.
> >
> > "-Q key" are the supported key formats. For the signature algorithms,
> > you want "-Q sig". This is documented in the man page.
>
> In addition, from version 8.2 ssh -Q will also accept ssh_config
> keywords and emit the formats or algorithms accepted by that keyword,
> eg.
>
> $ ssh -V
> OpenSSH_8.2p1, OpenSSL 1.1.1g FIPS 21 Apr 2020
>
> $ ssh -Q PubkeyAcceptedKeyTypes
> [...]
> ssh-rsa
> rsa-sha2-256
> rsa-sha2-512
> [...]
>
> --
> Darren Tucker (dtucker at dtucker.net)
> GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>
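
A version-tolerant form of the queries discussed in this thread, as an added example that is not part of the original messages: it tries the ssh_config keyword query, then "-Q sig", then "-Q key", and treats a "-Q key" result as inconclusive because that query lists key formats rather than signature algorithms. The function names and verdict strings are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# classify_rsa QUERY: read an "ssh -Q QUERY" listing on stdin, print a verdict.
classify_rsa() {
    query=$1
    list=$(cat)
    # Exact whole-line match, so "*-cert-v01@openssh.com" entries do not count.
    has() { printf '%s\n' "$list" | grep -qxF -- "$1"; }

    if [ "$query" = key ]; then
        # "-Q key" lists key formats, so rsa-sha2-* never appears in it.
        if has ssh-rsa; then echo inconclusive; else echo no-rsa; fi
        return 0
    fi
    if has rsa-sha2-256 || has rsa-sha2-512; then
        if has ssh-rsa; then echo sha2-and-sha1; else echo sha2-only; fi
    elif has ssh-rsa; then
        echo sha1-only
    else
        echo no-rsa
    fi
}

# audit_rsa_sigs [SSH_BIN]: try the most specific query first, then fall back.
audit_rsa_sigs() {
    ssh_bin=${1:-ssh}
    for q in PubkeyAcceptedKeyTypes sig key; do
        # ssh exits non-zero on a query it does not know, so older
        # clients simply fall through to the next query.
        if out=$("$ssh_bin" -Q "$q" 2>/dev/null) && [ -n "$out" ]; then
            printf '%s: %s\n' "$q" "$(printf '%s\n' "$out" | classify_rsa "$q")"
            return 0
        fi
    done
    echo "no usable -Q query"
    return 1
}

# Run against the local client only when asked to: sh script.sh --run
if [ "${1:-}" = --run ]; then audit_rsa_sigs; fi
```

A verdict of "sha2-and-sha1" means the client offers the rsa-sha2 algorithms but still lists ssh-rsa as well.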