On 10/03/2021 15:55, Daniel Pocock wrote: > Does the command for checking ssh-rsa distinguish between SHA-1 > (insecure) and SHA-2? The older ssh-rsa algorithm *only* uses SHA-1. The SHA-2 versions are rsa-sha2-256 and rsa-sha2-512. If connecting to a server succeeds when the former is excluded, the server supports SHA-2. If it does not, it only supports SHA-1. This also has nothing to do with the MACs setting; HMAC-SHA1 is still secure (as is HMAC-MD5).
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
