"ssh -Q key" does not list rsa-sha2 algorithms

Brian Candler b.candler at pobox.com
Tue Jun 2 18:48:32 AEST 2020

On 01/06/2020 23:48, Darren Tucker wrote:
> On Tue, 2 Jun 2020 at 06:12, Christian Weisgerber<naddy at mips.inka.de>  wrote
>> On 2020-06-01, Ethan Rahn<ethan.rahn at gmail.com>  wrote:
>>> With the upcoming deprecation of ssh-rsa I was trying to see what keys my
>>> version of OpenSSH ( 7.8p1 ) supports. I noticed that "ssh -Q key" does not
>>> actually list the suggested algorithms to transition to ( rsa-sha2-256 and
>>> rsa-sha2-512 ) even though they are supported.
>> "-Q key" are the supported key formats.  For the signature algorithms,
>> you want "-Q sig".  This is documented in the man page.
> In addition, from version 8.2 ssh -Q will also accept ssh_config
> keywords and emit the formats or algorithms accepted by that keyword,

There is also "-Q key-sig" in recent versions (not sure exactly how 
recent, but 7.6 doesn't have it)

More information about the openssh-unix-dev mailing list