Question about host key algorithms
Christian Hesse
list at eworm.de
Tue Mar 3 08:24:47 AEDT 2020
Luveh Keraph <1.41421 at gmail.com> on Mon, 2020/03/02 14:07:
> When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the
> following output:
>
> ssh-ed25519
> ssh-ed25519-cert-v01@openssh.com
> ssh-rsa
> ssh-dss
> ecdsa-sha2-nistp256
> ecdsa-sha2-nistp384
> ecdsa-sha2-nistp521
> ssh-rsa-cert-v01@openssh.com
> ssh-dss-cert-v01@openssh.com
> ecdsa-sha2-nistp256-cert-v01@openssh.com
> ecdsa-sha2-nistp384-cert-v01@openssh.com
> ecdsa-sha2-nistp521-cert-v01@openssh.com
>
> The thing is, one can invoke both client and server with -o
> HostKeyAlgorithms=rsa-sha2-256, or -o HostKeyAlgorithms=rsa-sha2-512, and
> everything's OK.
>
> Why is it that rsa-sha2-* are not displayed in the output above? In fact,
> no option to -Q elicits them, and they are not mentioned in the OpenSSH
> client and server man pages.
>
> Is this intentional?

You should query for HostKeyAlgorithms:

    ssh -Q HostKeyAlgorithms

That list should contain rsa-sha2-256 and rsa-sha2-512.

--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Best regards my address: */=0;b=c[a++];)
putchar(b-1/(/* Chris cc -ox -xc - && ./x */b/42*2-3)*42);}
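
Added example (not part of the original message): a small shell check that compares the two query outputs discussed above and validates a value before it is passed to -o HostKeyAlgorithms=. The function names and the sample lists are constructed for illustration, and the value is assumed to be a plain comma-separated list without +/- prefixes or wildcards.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the thread.

# only_in_second LIST_A LIST_B
# Both arguments are newline-separated algorithm names, as printed by `ssh -Q ...`.
# Prints every name that appears in LIST_B but not in LIST_A.
only_in_second() {
    printf '%s\n' "$2" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        # -x: whole-line match, -F: literal string (names contain '.' and '@')
        printf '%s\n' "$1" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# unsupported_algos SUPPORTED_LIST CSV
# CSV is the value intended for HostKeyAlgorithms (assumed: plain names only).
# Prints each requested name the local binary does not list as supported.
unsupported_algos() {
    only_in_second "$1" "$(printf '%s\n' "$2" | tr ',' '\n')"
}

# Constructed sample: a subset of the `ssh -Q key` output quoted in the thread.
KEY_TYPES='ssh-ed25519
ssh-rsa
ecdsa-sha2-nistp256'

# Constructed sample of what `ssh -Q HostKeyAlgorithms` might print.
HKA_SAMPLE='ssh-ed25519
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ecdsa-sha2-nistp256'

# Live comparison against the installed client: run this script with --live.
if [ "${1:-}" = "--live" ] && command -v ssh >/dev/null 2>&1; then
    only_in_second "$(ssh -Q key)" "$(ssh -Q HostKeyAlgorithms)"
fi
```

On the sample data, `only_in_second "$KEY_TYPES" "$HKA_SAMPLE"` prints the two rsa-sha2-* names, which is the discrepancy the question describes.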
More information about the openssh-unix-dev
mailing list