Alternative check for depeciated ssh-rsa signature?

Damien Miller djm at
Wed Sep 1 09:22:56 AEST 2021

On Tue, 31 Aug 2021, M Rubon wrote:

> The recent release notes suggesting testing with
>    ssh -oHostKeyAlgorithms=-ssh-rsa user at host
> I want to test with dropbear clients where I do not have fine grained
> control of algorithms.  I think, but want to confirm, that an
> equivalent server side test is to run sshd with the sshd_config line
>    HostKeyAlgorithms   -ssh-rsa,ssh-rsa-cert-v01 at

That's correct, though AFAIK Dropbear doesn't support certificates


More information about the openssh-unix-dev mailing list