Colin Watson wrote in <20200223112808.GA22328@xxxxxxxxxxxxx>:
|On Sat, Feb 22, 2020 at 05:06:29PM -0700, Bob Proulx wrote:
|> Damien Miller wrote:
|>> Future deprecation notice
...
|No, the deprecation notice is talking about the key signature algorithm,
|not the key type. SSH clients and servers agree a key signature
|algorithm as part of their protocol negotiation. For RSA keys, all of
|"ssh-rsa", "rsa-sha2-256", and "rsa-sha2-512" exist, using SHA-1,
|SHA-256, and SHA-512 respectively as their hash algorithms.
|
|Unfortunately, the string "ssh-rsa" is used as both a key type name in
|authorized_keys and as a key signature algorithm name, which has caused
|a good deal of confusion with this deprecation notice, but the two
|aren't actually the same thing.
|
|My understanding is (and more knowledgeable people should correct me if
|I'm wrong) that this deprecation notice affects the following people:
...

Thank you for the above and the following list. It does not affect me really, as I used "HostKeyAlgorithms ssh-rsa" and IdentityFile for the few hosts that use RSA (even exclusively, like older Solaris installations I have access to), but I obviously did not really understand what the RSA change meant.

--steffen
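Added example (not part of the original message and not OpenSSH code): the key type versus signature algorithm distinction from the quoted text, shown by reading the key type from an authorized_keys entry and the algorithm name from an SSH signature blob. The helper names and the sample key and signatures are constructed for illustration, and the entry is assumed to have no leading options field.

```python
import base64
import struct

# Signature algorithms that can be negotiated for an RSA key, with the hash
# each one uses (the three names listed in the quoted message).
RSA_SIG_ALGS = {"ssh-rsa": "SHA-1", "rsa-sha2-256": "SHA-256", "rsa-sha2-512": "SHA-512"}

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int = 0):
    """Decode one SSH wire-format string; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string body")
    return buf[off + 4:end], end

def key_type(authorized_keys_line: str) -> str:
    """Key type of an authorized_keys entry (assumes no leading options field)."""
    name, b64 = authorized_keys_line.split()[:2]
    inner, _ = read_string(base64.b64decode(b64))
    if inner.decode("ascii") != name:
        raise ValueError("key type in text and in blob disagree")
    return name

def describe_signature(authorized_keys_line: str, sig_blob: bytes):
    """Return (key type, signature algorithm, hash, hash_is_sha1)."""
    ktype = key_type(authorized_keys_line)
    alg = read_string(sig_blob)[0].decode("ascii")
    if ktype != "ssh-rsa" or alg not in RSA_SIG_ALGS:
        raise ValueError(f"unsupported pair: {ktype} / {alg}")
    digest = RSA_SIG_ALGS[alg]
    return ktype, alg, digest, digest == "SHA-1"

# Constructed sample data: a fake RSA public key blob (e, then n) and
# placeholder signature bytes; none of it is a usable key or a real signature.
_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 256)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_BLOB).decode() + " constructed@example"
SAMPLE_SIGS = [ssh_string(a.encode()) + ssh_string(b"\x00" * 256) for a in RSA_SIG_ALGS]

if __name__ == "__main__":
    for sig in SAMPLE_SIGS:
        print(describe_signature(SAMPLE_LINE, sig))
```

The same authorized_keys entry, with key type "ssh-rsa", is reported against all three signature algorithms; only the signature named "ssh-rsa" is flagged as using SHA-1.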