Future deprecation of ssh-rsa

Alex Harrison exharrison at yahoo.com
Wed Oct 21 12:21:06 AEDT 2020


Chris,
Thanks for the response! Maybe I shouldn't have mentioned UpdateHostKeys in my post. I only mentioned it because it is referenced in a way that I read as a part of the strategy to deprecate ssh-rsa - in the release notes for 8.4 and in a previous post regarding the deprecation notice: "We're still one or two steps away ATM, e.g. we still need to fix the corner cases in UpdateHostkeys and enable it)". My possibly faulty reading of context there was that these were steps leading up to the deprecation. 


I am perhaps imprecise and mis-communicating my understanding of the deprecation because I don't speak the language of ssh as well as some on here. My understanding, which I think is what you are highlighting in your response, is that the deprecation is limited to the sha1-based ssh-rsa signature algorithm. I understand rsa-sha2-256 and rsa-sha2-512 to be the sha2 alternatives which are continuing support. I'm sorry if I am still missing what you are saying. I actually rather appreciate the way you described it in a clarity I struggle to boil it down to as I just don't spend enough time in the ssh land (as you rightly surmised).


Thank you,
Alex

On Tuesday, October 20, 2020, 08:25:58 PM EDT, Chris Danis <cdanis at wikimedia.org> wrote:

Alex,


Because you ask about UpdateHostKeys I think there might be a common
misunderstanding behind your post.  Apologies if I assumed wrongly!

RSA keys are not going away, and will continue to be supported.

'ssh-rsa' is the prefix used for the public keys as stored on disk,
but that on-disk key format is not what's being deprecated.

While this isn't obvious to those who aren't well-versed in SSH wire
protocol internals, in the context of the deprecation, 'ssh-rsa'
refers only to the ephemeral, over-the-wire signature algorithm used
to validate the client's possession of the key.

As long as both the client and server support the newer signature
algorithms like 'rsa-sha2-256' or 'rsa-sha2-512', your RSA keys will
continue to work.  (Also, the 'ssh-rsa' prefix is still used for the
key, even though the signature algorithm is now named differently.)

The necessary signature algorithm support was added in OpenSSH 7.2.

I hope this helps,

-- 
Chris Danis (he/him)
Staff Site Reliability Engineer
Wikimedia Foundation
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
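
The distinction drawn in the thread above, between 'ssh-rsa' as the key format name and 'ssh-rsa' as the signature algorithm name, shown as an added example that is not part of the original messages or of OpenSSH. It assumes the RFC 4251/4253/8332 wire layouts; the helper names, the tiny fake modulus and the dummy signature bytes are all constructed for illustration.

```python
import base64
import struct

def read_string(buf, off):
    """Read one RFC 4251 'string': uint32 length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string body")
    return buf[off + 4:end], end

def put_string(data):
    return struct.pack(">I", len(data)) + data

def put_mpint(value):
    # RFC 4251 mpint for a positive integer: big-endian, 0x00 pad if high bit set
    return put_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def key_type(public_key_line):
    """Return (text prefix, type name inside the base64 blob) of a public key line."""
    prefix, b64 = public_key_line.split()[:2]
    name, _ = read_string(base64.b64decode(b64), 0)
    return prefix, name.decode("ascii")

def signature_algorithm(sig_blob):
    """Return the algorithm name that leads an SSH signature blob (RFC 4253 6.6)."""
    name, off = read_string(sig_blob, 0)
    read_string(sig_blob, off)  # signature bytes; raises if the blob is truncated
    return name.decode("ascii")

# 'ssh-rsa' as a signature name means RSA with SHA-1; RFC 8332 adds the SHA-2 names.
SHA1_SIGNATURES = {"ssh-rsa"}

def uses_deprecated_signature(sig_blob):
    return signature_algorithm(sig_blob) in SHA1_SIGNATURES

# Constructed sample data: not a real key, not real signatures.
KEY_BLOB = put_string(b"ssh-rsa") + put_mpint(65537) + put_mpint(0xC0FFEE1234567891)
KEY_LINE = "ssh-rsa " + base64.b64encode(KEY_BLOB).decode() + " constructed@example"
SIG_SHA1 = put_string(b"ssh-rsa") + put_string(b"\x00" * 8)
SIG_SHA2 = put_string(b"rsa-sha2-256") + put_string(b"\x00" * 8)

if __name__ == "__main__":
    print("key:", key_type(KEY_LINE))
    for sig in (SIG_SHA1, SIG_SHA2):
        print(signature_algorithm(sig), "deprecated:", uses_deprecated_signature(sig))
```

The same RSA key blob, still labelled 'ssh-rsa', sits behind both signature blobs; only the name at the front of the signature changes.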