Thank you both for the clarifications. I notice that openssh 7.8 does not support "ssh -Q sig" either. I think it's great that later versions of openssh will support easier ways of querying possible options to understand what is supported on the compiled code. Cheers, Ethan On Mon, Jun 1, 2020 at 3:49 PM Darren Tucker <dtucker@xxxxxxxxxxx> wrote: > On Tue, 2 Jun 2020 at 06:12, Christian Weisgerber <naddy@xxxxxxxxxxxx> > wrote > > On 2020-06-01, Ethan Rahn <ethan.rahn@xxxxxxxxx> wrote: > > > > > With the upcoming deprecation of ssh-rsa I was trying to see what keys > my > > > version of OpenSSH ( 7.8p1 ) supports. I noticed that "ssh -Q key" > does not > > > actually list the suggested algorithms to transition to ( rsa-sha2-256 > and > > > rsa-sha2-512 ) even though they are supported. > > > > "-Q key" are the supported key formats. For the signature algorithms, > > you want "-Q sig". This is documented in the man page. > > In addition, from version 8.2 ssh -Q will also accept ssh_config > keywords and emit the formats or algorithms accepted by that keyword, > eg. > > $ ssh -V > OpenSSH_8.2p1, OpenSSL 1.1.1g FIPS 21 Apr 2020 > > $ ssh -Q PubkeyAcceptedKeyTypes > [...] > ssh-rsa > rsa-sha2-256 > rsa-sha2-512 > [...] > > -- > Darren Tucker (dtucker at dtucker.net) > GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement. > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
