Hi, Following the fix [1] being released on 7.5, now SHA2 RSA signature methods work properly. On the other hand it is still not possible to disable SHA1 RSA alone (as an example, as SHA2-256 or SHA2-512 could also potentially be not desirable), where it is considered insecure or undesirable. I am proposing to add a mechanism, and happy to submit a patch, to enable selection of the Hashes allowed for RSA. If all or any of SHA1, SHA2-256, and SHA2-512. The straighforward solution would be just to adapt all options that currently accept "ssh-rsa" to mean that they accept (SHA1,SHA2-256,SHA2-512), and to use rsa-sha2-256 and rsa-sha2-512 to mean just the specific hash formats. So ssh-rsa would mean the same as now, and in the future deprecation for sha1 could be enforced by replacing the config with "rsa-sha2-256,rsa-sha2-512". Unfortunately this doesn't cover the possibility the user wants to disable instead sha2 and only allow sha1. For that case I propose to extend keytypes at sshkey.c, with an additional "rsa-sha1" algorithm. This means that ssh-rsa would be the "legacy" configuration, with the same meaning as "rsa-sha1, rsa-sha2-256, rsa-sha2-512". I would appreciate comments if this is seen fit. Also, since I am lacking on understanding the ssh protocol, I question if this sha2 extensions also apply "ssh-rsa-cert-v01@xxxxxxxxxxx". Thanks, Nuno [1] https://bugzilla.mindrot.org/show_bug.cgi?id=2680 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
