The problem is that (AFAIK) OpenSSH doesn't work with EC tokens. On the other hand, I've been using RSA with SHA-2 successfully with several tokens (mostly PIV).

Regards,
Uri

Sent from my iPhone

> On Apr 5, 2017, at 19:00, Nuno Gonçalves <nunojpg@xxxxxxxxx> wrote:
>
>> On Thu, Apr 6, 2017 at 12:29 AM, Damien Miller <djm@xxxxxxxxxxx> wrote:
>> 3) Support for RSA/SHA2 signatures is still incomplete, e.g. they aren't
>> usable with PKCS#11 tokens yet.
>
> Could you please elaborate on what that means? I only use RSA keys
> with PKCS11 tokens (OpenSC), and it works with SHA2.
>
>> IMO users who want a stronger signature hash algorithm should use ed25519
>> or one of the ECDSA methods for the time being. All of these use SHA2 hashes.
>
> Exactly what I do, when I don't need to use a legacy key on a PKCS11 token...
>
> Thanks,
> Nuno
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev