Question about host key algorithms

Luveh Keraph 1.41421 at gmail.com
Tue Mar 3 08:29:25 AEDT 2020


$ ssh -Q HostKeyAlgorithms
Unsupported query "HostKeyAlgorithms"
$ ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2u  20 Dec 2019

On Mon, Mar 2, 2020 at 2:24 PM Christian Hesse <list at eworm.de> wrote:

> Luveh Keraph <1.41421 at gmail.com> on Mon, 2020/03/02 14:07:
> > When I do ssh -Q key, where ssh is the OpenSSH 7.4p1 client, I get the
> > following output:
> >
> > ssh-ed25519
> > ssh-ed25519-cert-v01@openssh.com
> > ssh-rsa
> > ssh-dss
> > ecdsa-sha2-nistp256
> > ecdsa-sha2-nistp384
> > ecdsa-sha2-nistp521
> > ssh-rsa-cert-v01@openssh.com
> > ssh-dss-cert-v01@openssh.com
> > ecdsa-sha2-nistp256-cert-v01@openssh.com
> > ecdsa-sha2-nistp384-cert-v01@openssh.com
> > ecdsa-sha2-nistp521-cert-v01@openssh.com
> >
> > The thing is, one can invoke both client and server with -o
> > HostKeyAlgorithms=rsa-sha2-256, or -o HostKeyAlgorithms=rsa-sha2-512, and
> > everything's OK.
> >
> > Why is it that rsa-sha2-* are not displayed in the output above? In fact,
> > no option to -Q elicits them, and they are not mentioned in the OpenSSH
> > client and server man pages.
> >
> > Is this intentional?
>
> You should query for HostKeyAlgorithms
>
> ssh -Q HostKeyAlgorithms
>
> That list should contain rsa-sha2-256 and rsa-sha2-512.
> --
> main(a){char*c=/*    Schoene Gruesse                         */"B?IJj;MEH"
> "CX:;",b;for(a/*    Best regards             my address:    */=0;b=c[a++];)
> putchar(b-1/(/*    Chris            cc -ox -xc - && ./x
> */b/42*2-3)*42);}
>


More information about the openssh-unix-dev mailing list