I'm using the most up to date version of openssh on OL8 that I can patch to (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've tried adding HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01@xxxxxxxxxxx PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01@xxxxxxxxxxx or HostkeyAlgorithms +ssh-rsa-cert-v01@xxxxxxxxxxx,ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa-cert-v01@xxxxxxxxxxx,ssh-rsa to my .ssh/config and still receive an error message of: agent key RSA-CERT SHA256:..... returned incorrect signature type sign_and_send_pubkey: no mutual signature supported if I update-crpyto-policies to the DEFAULT policy, the connectivity works correctly. I'm a bit confused as to why openssh isn't using my personal config settings to override the system wide settings or am I not setting the necessary or is this by design? --- Regards, Kevin Martin _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev