Re: Question about ssh-rsa deprecation notice (was: Announce: OpenSSH 8.2 released)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Colin Watson wrote in
<20200223112808.GA22328@xxxxxxxxxxxxx>:
 |On Sat, Feb 22, 2020 at 05:06:29PM -0700, Bob Proulx wrote:
 |> Damien Miller wrote:
 |>> Future deprecation notice
 ...
 |No, the deprecation notice is talking about the key signature algorithm,
 |not the key type.  SSH clients and servers agree a key signature
 |algorithm as part of their protocol negotiation.  For RSA keys, all of
 |"ssh-rsa", "rsa-sha2-256", and "rsa-sha2-512" exist, using SHA-1,
 |SHA-256, and SHA-512 respectively as their hash algorithms.
 |
 |Unfortunately, the string "ssh-rsa" is used as both a key type name in
 |authorized_keys and as a key signature algorithm name, which has caused
 |a good deal of confusion with this deprecation notice, but the two
 |aren't actually the same thing.
 |
 |My understanding is (and more knowledgeable people should correct me if
 |I'm wrong) that this deprecation notice affects the following people:
 ...

Thank you for the above and the following list.  It does not
affect me really, as i used "HostKeyAlgorithms ssh-rsa" and
IdentityFile for the few hosts that use RSA (even exclusively,
like elder Solaris installations i have access to), but
i obviously did not really understand what the RSA change meant.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux