Bug#854650: openssh-client: does not list rsa-sha2-256 and rsa-sha2-512

To: "brian m. carlson" <sandals@crustytoothpaste.net>, 854650@bugs.debian.org
Subject: Bug#854650: openssh-client: does not list rsa-sha2-256 and rsa-sha2-512
From: Colin Watson <cjwatson@debian.org>
Date: Wed, 4 Oct 2017 13:19:07 +0100
Message-id: <[🔎] 20171004121906.qqzntjwpt7kwhmmg@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 854650@bugs.debian.org
In-reply-to: <20170209002803.ajspw27siea4csrb@genre.crustytoothpaste.net>
References: <20170209002803.ajspw27siea4csrb@genre.crustytoothpaste.net> <20170209002803.ajspw27siea4csrb@genre.crustytoothpaste.net>

On Thu, Feb 09, 2017 at 12:28:05AM +0000, brian m. carlson wrote:
> ssh_config(5) lists "ssh -Q key" as the way to discover valid algorithms
> for the HostKeyAlgorithms page.  However, neither the man page nor that
> option lists the rsa-sha2-256 and rsa-sha2-512 options.
> 
> Since these values are not documented, users are likely to omit them,
> resulting in negotiating weaker signature algorithms (RSA/SHA-1) than
> they might otherwise have.

This seems to be at least somewhat deliberate, although I don't know
why:

  https://anongit.mindrot.org/openssh.git/commit/?id=3a13cb543df9919aec2fc6b75f3dd3802facaeca

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Prev by Date: Processed: Re: Bug#614818: openssh-client: ssh(1) man page should note id_rsa encryption now uses AES, not 3DES
Next by Date: Re: Bug#872978: openssh-server: /run/sshd not created if ssh.socket is enabled
Previous by thread: Processed: Re: Bug#614818: openssh-client: ssh(1) man page should note id_rsa encryption now uses AES, not 3DES
Next by thread: Re: Bug#872978: openssh-server: /run/sshd not created if ssh.socket is enabled
Index(es):
- Date
- Thread