Question about host key algorithms

Luveh Keraph 1.41421 at gmail.com
Tue Mar 3 08:07:01 AEDT 2020


When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the
following output:

ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com

The thing is, one can invoke both client and server with -o
HostKeyAlgorithms=rsa-sha2-256, or -o HostKeyAlgorithms=rsa-sha2-512, and
everything's OK.

Why is it that rsa-sha2-* are not displayed in the output above? In fact,
no option to -Q elicits them, and they are not mentioned in the OpenSSH
client and server man pages.

Is this intentional?


More information about the openssh-unix-dev mailing list