The ssh-rsa deprecation, and OpenSSH 7.4

Chris Danis cdanis at
Sat May 30 01:56:32 AEST 2020


The release notes for 8.2 and 8.3 (essentially) state that an OpenSSH
version of 7.2 or later is sufficient to avoid worrying about the
ssh-rsa public key algorithm deprecation.

But I'm pretty sure that sshd in specifically OpenSSH 7.4 won't be
fully compatible in a post-ssh-rsa-deprecation world, as it has a bug
introduced by a cleanup patch[0] which causes it to not enumerate
rsa-sha2-256 or rsa-sha2-512 in its server-sig-algs response in the
extended KEX.  This was fixed in 7.5.

Am I understanding everything correctly?  If so, maybe the release
notes should be clarified with this wrinkle about version numbers.

I'm not sure if it would also make sense to release a 7.4p2 that
includes the fix patch[1], but wanted to suggest it as an idea.

Additionally, while the release notes focus on a discussion of host
keys, I think that some discussion of user RSA public keys might also
be worthwhile to include.


Many thanks for all your work and time!

Chris Danis (he/him)
Sr. Site Reliability Engineer
Wikimedia Foundation

More information about the openssh-unix-dev mailing list