Future deprecation of ssh-rsa

Damien Miller djm at mindrot.org
Wed Oct 21 13:06:31 AEDT 2020


On Wed, 21 Oct 2020, Alex Harrison wrote:

> For the last few releases, there has been a notice that ssh-rsa will
> be deprecated in a near-future release. Is there a target release
> for this deprecation to take effect? I saw in the 8.4 release notes
> that UpdateHostKeys is going to be default enabled in the next release
> to prepare for this. Is it likely that 8.6 will deprecate ssh-rsa
> after a release cycle of UpdateHostKeys being default or are we likely
> talking further in the future than that?
>
> I apologize if this has been asked before and I've missed it. I've
> tried reading threads that looked relevant and did not see the answer.

No, we haven't set a target date yet. It really depends on how well
turning on UpdateHostKeys goes, how quickly a release with UpdateHostKeys
ends up on common OS distributions and a couple of other things.

What we'll probably do is start by turning off ssh-rsa in git HEAD
after the next release, and leave it off until close to the next release.
This will give people who use OpenSSH HEAD (e.g. the users of OpenBSD
-current) some experience with the practical impact of the change while
we're giving time for UpdateHostKeys to reach a wider population and do
its thing.

-d


More information about the openssh-unix-dev mailing list