Question about ssh-rsa deprecation notice (was: Announce: OpenSSH 8.2 released)

Bob Proulx bob at proulx.com
Sun Feb 23 11:06:29 AEDT 2020


I am trying to understand the details of the deprecation notice.
Because I am getting people asking me questions.  And I don't know the
answer.  Therefore I am pushing the boulder uphill and asking here. :-)

Damien Miller wrote:
> Future deprecation notice
> =========================
> 
> It is now possible[1] to perform chosen-prefix attacks against the
> SHA-1 algorithm for less than USD$50K. For this reason, we will be
> disabling the "ssh-rsa" public key signature algorithm by default in a
> near-future release.

Clear enough.  "ssh-rsa" is being deprecated.  If we see "ssh-rsa"
in our authorized_keys file we should migrate away from it.  Gotcha.
I assume this is for both user keys and for host keys so the same
would apply to the known_hosts file too.

  grep ssh-rsa ~/.ssh/authorized_keys && echo Deprecation Warning: Time to upgrade!

> This algorithm is unfortunately still used widely despite the
> existence of better alternatives, being the only remaining public key
> signature algorithm specified by the original SSH RFCs.
> 
> The better alternatives include:
> 
>  * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
>    algorithms have the advantage of using the same key type as
>    "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
>    supported since OpenSSH 7.2 and are already used by default if the
>    client and server support them.

Hmm...  "ssh-rsa" is okay if we are using other than SHA-1 signature
hashes.  Hmm...  But, but, but...  "ssh-rsa" is being deprecated!  As
stated just in the previous paragraph!  Cognitive Dissonance!

Could these statements be clarified for the poor feeble minded folks
like myself that are not deeply knowledgeable about the internals and
are looking for a way to know if we need to take action or do not need
to take action.  At least enough to answer the questions other users
are asking me about what this actually means and whether they need to
take action or not.

Thanks!
Bob
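
Added example, not part of the original message and not OpenSSH project code: the release note quoted above says rsa-sha2-256/512 use the same key type as "ssh-rsa", so the key-type field in authorized_keys names the key format, not the signature hash. The sketch below lists that field per entry instead of matching the string anywhere on the line; the function names and the sample entries (placeholder key blobs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory key types in authorized_keys-style input.
# Reads the files given as arguments, or stdin when there are none.

# key_types [FILE...] -> prints "<line-number> <key-type>" per key entry
key_types() {
    awk '
    /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
    {
        line = $0
        # Drop quoted option values (command="...", from="...") so that
        # spaces or the text ssh-rsa inside them are not read as a field.
        gsub(/"([^"\\]|\\.)*"/, "", line)
        n = split(line, f, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            # First field that is a plain public key type name.
            if (f[i] ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) {
                print NR, f[i]
                next
            }
        }
        print NR, "unrecognized"
    }' "$@"
}

# count_rsa_keys [FILE...] -> number of entries whose key type is RSA
count_rsa_keys() {
    key_types "$@" | awk '$2 == "ssh-rsa" { c++ } END { print c + 0 }'
}

# Constructed sample: every line contains the string "ssh-rsa",
# but only one entry is an RSA key.
SAMPLE=$(cat <<'EOF'
# old laptop, was ssh-rsa
ssh-rsa AAAAB3PLACEHOLDER alice@example
command="echo ssh-rsa" ssh-ed25519 AAAAC3PLACEHOLDER backup@example
ecdsa-sha2-nistp256 AAAAE2PLACEHOLDER ssh-rsa-migration@example
EOF
)

printf '%s\n' "$SAMPLE" | key_types
```

The result is an inventory of RSA keys; which signature algorithm is used with such a key is negotiated between client and server and is not recorded in the file.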

