Mailing List Archive

Alternative check for depeciated ssh-rsa signature?
The recent release notes suggesting testing with
ssh -oHostKeyAlgorithms=-ssh-rsa user@host

I want to test with dropbear clients where I do not have fine grained
control of algorithms. I think, but want to confirm, that an
equivalent server side test is to run sshd with the sshd_config line
HostKeyAlgorithms -ssh-rsa,ssh-rsa-cert-v01@openssh.com

Thanks!

M
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Alternative check for depeciated ssh-rsa signature? [ In reply to ]
On Tue, 31 Aug 2021, M Rubon wrote:

> The recent release notes suggesting testing with
> ssh -oHostKeyAlgorithms=-ssh-rsa user@host
>
> I want to test with dropbear clients where I do not have fine grained
> control of algorithms. I think, but want to confirm, that an
> equivalent server side test is to run sshd with the sshd_config line
> HostKeyAlgorithms -ssh-rsa,ssh-rsa-cert-v01@openssh.com

That's correct, though AFAIK Dropbear doesn't support certificates
anyway.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev