That's because the query lists key types and not signature types. They are somewhat separate things and we're still trying to figure out how best to untangle them. On Thu, 24 May 2018, Yegor Ievlev wrote: > By default "ssh -Q key" doesn't show more secure rsa-sha2-512 and > rsa-sha2-256 key algorithms. This PR shows them unless the user > specifies that they only want key algorithms that support encryption. > > ssh.c: > 744c744 > < cp = sshkey_alg_list(0, 0, 0, '\n'); > --- > > cp = sshkey_alg_list(0, 0, 1, '\n'); > 746c746 > < cp = sshkey_alg_list(1, 0, 0, '\n'); > --- > > cp = sshkey_alg_list(1, 0, 1, '\n'); > 748c748,750 > < cp = sshkey_alg_list(0, 1, 0, '\n'); > --- > > cp = sshkey_alg_list(0, 1, 1, '\n'); > > else if (strcmp(optarg, "key-encrypt") == 0) > > cp = sshkey_alg_list(0, 0, 0, '\n'); > > Please set email of commit to koops1997+github@xxxxxxxxx and name to > Yegor Ievlev, so commit will be attributed to me on GitHub. > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev