On 2020-02-06 at 10:29 +1100, Damien Miller wrote: > OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This is a feature release. > * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These Confirmed with building openssh-SNAP-20200206.tar.gz in an alpine 3.11.2 release that there's something a bit strange going on. ssh_config(5) describes for `HostKeyAlgorithms` that: } The list of available key types may also be obtained using "ssh -Q key" Running `ssh -Q key`, the output does not include these proposed replacements. Only in sshd_config(5): rsa-sha2-512-cert-v01@xxxxxxxxxxx rsa-sha2-256-cert-v01@xxxxxxxxxxx rsa-sha2-512 rsa-sha2-256 Only in `ssh -Q key`: ssh-dss ssh-dss-cert-v01@xxxxxxxxxxx Regards, -Phil ( This actually affects me: github.com has very limited HostKeyAlgorithms advertised and my attempts to filter acceptable algorithms are based around lines from `ssh -Q key` (since before the newer - support for filtering) so I've been re-enabling ssh-rsa for github.com, missing that there was another option. I think I've stopped using clients old enough to not have -tag support for this option, so I'll switch over away from explicit enumeration. ) _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
