On Thu, Apr 6, 2017 at 12:29 AM, Damien Miller <djm@xxxxxxxxxxx> wrote: > 3) Support for RSA/SHA2 signatures is still incomplete, e.g. they aren't > usable with PKCS#11 tokens yet. Could you please elaborate on what that means? I only use RSA keys with PKCS11 tokens (OpenSC), and it works with SHA2. > IMO users who want a stronger signature hash algorithm should use ed25519 > or one of the ECDSA methods for the time being. All of these use SHA2 hashes. Exactly what I do, when I don't need to use a legacy key on a PKCS11 token... Thanks, Nuno _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev