Hello,

The release notes for 8.2 and 8.3 (essentially) state that an OpenSSH version of 7.2 or later is sufficient to avoid worrying about the ssh-rsa public key algorithm deprecation.

But I'm pretty sure that sshd in specifically OpenSSH 7.4 won't be fully compatible in a post-ssh-rsa-deprecation world, as it has a bug introduced by a cleanup patch[0] which causes it to not enumerate rsa-sha2-256 or rsa-sha2-512 in its server-sig-algs response in the extended KEX. This was fixed in 7.5.

Am I understanding everything correctly? If so, maybe the release notes should be clarified with this wrinkle about version numbers. I'm not sure if it would also make sense to release a 7.4p2 that includes the fix patch[1], but wanted to suggest it as an idea.

Additionally, while the release notes focus on a discussion of host keys, I think that some discussion of user RSA public keys might also be worthwhile to include.

refs:
[0]: https://anongit.mindrot.org/openssh.git/commit/?id=130f5df4f
[1]: https://anongit.mindrot.org/openssh.git/commit/?id=183ba55aa

Many thanks for all your work and time!

--
Chris Danis (he/him)
Sr. Site Reliability Engineer
Wikimedia Foundation

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
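
An added example, not part of the original message or of OpenSSH: a parser for the decrypted SSH_MSG_EXT_INFO payload (RFC 8308) that reports whether the server-sig-algs list discussed above includes rsa-sha2-256 or rsa-sha2-512 (RFC 8332). The helper names and both sample payloads are constructed for illustration and are not captures from any real server.

```python
import struct

SSH_MSG_EXT_INFO = 7                          # message number from RFC 8308
RSA_SHA2 = ("rsa-sha2-256", "rsa-sha2-512")   # algorithm names from RFC 8332

def _string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n

def parse_ext_info(payload):
    """Parse a decrypted SSH_MSG_EXT_INFO payload into {name: raw value}."""
    if len(payload) < 5 or payload[0] != SSH_MSG_EXT_INFO:
        raise ValueError("not an SSH_MSG_EXT_INFO payload")
    (count,) = struct.unpack_from(">I", payload, 1)
    off, exts = 5, {}
    for _ in range(count):
        name, off = _string(payload, off)
        value, off = _string(payload, off)
        exts[name.decode("ascii")] = value
    return exts

def rsa_sha2_advertised(payload):
    """Return the rsa-sha2-* names present in server-sig-algs (empty if none)."""
    raw = parse_ext_info(payload).get("server-sig-algs", b"")
    algs = raw.decode("ascii").split(",")
    return [a for a in RSA_SHA2 if a in algs]

def build_ext_info(exts):
    """Hypothetical helper: serialise {name: value} to build sample payloads."""
    s = lambda b: struct.pack(">I", len(b)) + b
    body = b"".join(s(k.encode()) + s(v.encode()) for k, v in exts.items())
    return bytes([SSH_MSG_EXT_INFO]) + struct.pack(">I", len(exts)) + body

# Constructed samples: one list omitting the SHA-2 RSA names, one including them.
WITHOUT_SHA2 = build_ext_info({"server-sig-algs": "ssh-ed25519,ssh-rsa,ssh-dss"})
WITH_SHA2 = build_ext_info(
    {"server-sig-algs": "ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512"})

if __name__ == "__main__":
    for label, payload in (("without", WITHOUT_SHA2), ("with", WITH_SHA2)):
        found = rsa_sha2_advertised(payload)
        print(label, found or "no rsa-sha2-* advertised for RSA user keys")
```

An empty result means a client that relies on this list gets no signal that it may sign with SHA-2 when authenticating with an RSA user key.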