[Bug 3253] New: ssh-keygen man page still lists deprecated key types for -t

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jan 19 03:46:02 AEDT 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3253

            Bug ID: 3253
           Summary: ssh-keygen man page still lists deprecated key types
                    for -t
           Product: Portable OpenSSH
           Version: 8.4p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: Markus.Kuhn at cl.cam.ac.uk

The man page ssh-keygen.1 still lists for option "-t" only the possible
values

  dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa

However, the first of these ("dsa" generating an "ssh-dss" key) is
already disabled, the last of these (rsa) seems scheduled to be
disabled, and many newer key types are missing.

In comparison, the default list of acceptable keytypes for publickey
authentication is given in sshd_config.5 under option
PubkeyAcceptedKeyTypes as

ssh-ed25519-cert-v01@openssh.com,
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com,
rsa-sha2-256-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,
ssh-ed25519,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
sk-ssh-ed25519@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256,ssh-rsa

Please update the list of available values after -t in ssh-keygen.1.

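An added example (not part of the bug report and not OpenSSH code): a Python check that reads the key type embedded in each authorized_keys blob and compares it with the default PubkeyAcceptedKeyTypes list quoted in the report. The function names, verdict strings and sample keys are constructed for illustration; a type being in this list does not mean a given server's own configuration accepts it.

```python
import base64
import struct
# Default PubkeyAcceptedKeyTypes as quoted in the report (sshd_config.5, 8.4p1).
ACCEPTED = set("""
ssh-ed25519-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com
sk-ssh-ed25519-cert-v01@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
rsa-sha2-512-cert-v01@openssh.com rsa-sha2-256-cert-v01@openssh.com
ssh-rsa-cert-v01@openssh.com ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384
ecdsa-sha2-nistp521 sk-ssh-ed25519@openssh.com sk-ecdsa-sha2-nistp256@openssh.com
rsa-sha2-512 rsa-sha2-256 ssh-rsa
""".split())

def blob_type(token):
    """Return the type name stored inside a base64 public key blob, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
        (n,) = struct.unpack(">I", raw[:4])  # SSH string: uint32 length, then bytes
        name = raw[4:4 + n]
        return name.decode("ascii") if 0 < n == len(name) <= 64 else None
    except (ValueError, struct.error):
        return None

def audit(text):
    """Yield (line_no, declared_type, embedded_type, verdict) per non-comment line."""
    for no, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        for prev, tok in zip(tokens, tokens[1:]):  # skips any leading options
            embedded = blob_type(tok)
            if embedded is not None:
                verdict = ("type-mismatch" if prev != embedded else "accepted-by-default"
                           if embedded in ACCEPTED else "not-in-default-list")
                yield (no, prev, embedded, verdict)
                break
        else:
            yield (no, None, None, "unparsed")

def sample_line(declared, embedded, rest, options=""):  # constructed, non-functional key
    blob = struct.pack(">I", len(embedded)) + embedded.encode() + bytes(32)
    return f"{options}{declared} {base64.b64encode(blob).decode()} {rest}"

SAMPLE = "\n".join([  # constructed authorized_keys content, not real keys
    sample_line("ssh-ed25519", "ssh-ed25519", "alice@example"),
    sample_line("ssh-dss", "ssh-dss", "legacy@example", 'command="/usr/bin/backup --now",no-pty '),
    sample_line("ssh-ed25519", "ssh-dss", "relabelled@example"),
    "ssh-ed25519 not*base64 broken@example",
])
print(*audit(SAMPLE), sep="\n")
```

The verdict is based on the type name inside the blob rather than the text label in front of it, so a key whose label was edited by hand is reported as a mismatch instead of being trusted.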