On Tue, 2 Jun 2020 at 06:12, Christian Weisgerber <naddy@xxxxxxxxxxxx> wrote
> On 2020-06-01, Ethan Rahn <ethan.rahn@xxxxxxxxx> wrote:
>
> > With the upcoming deprecation of ssh-rsa I was trying to see what keys my
> > version of OpenSSH ( 7.8p1 ) supports. I noticed that "ssh -Q key" does not
> > actually list the suggested algorithms to transition to ( rsa-sha2-256 and
> > rsa-sha2-512 ) even though they are supported.
>
> "-Q key" are the supported key formats. For the signature algorithms,
> you want "-Q sig". This is documented in the man page.
In addition, from version 8.2 ssh -Q will also accept ssh_config
keywords and emit the formats or algorithms accepted by that keyword,
eg.
$ ssh -V
OpenSSH_8.2p1, OpenSSL 1.1.1g FIPS 21 Apr 2020
$ ssh -Q PubkeyAcceptedKeyTypes
[...]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
[...]
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
