Bug#854650: openssh-client: does not list rsa-sha2-256 and rsa-sha2-512
On Thu, Feb 09, 2017 at 12:28:05AM +0000, brian m. carlson wrote:
> ssh_config(5) lists "ssh -Q key" as the way to discover valid algorithms
> for the HostKeyAlgorithms page. However, neither the man page nor that
> option lists the rsa-sha2-256 and rsa-sha2-512 options.
>
> Since these values are not documented, users are likely to omit them,
> resulting in negotiating weaker signature algorithms (RSA/SHA-1) than
> they might otherwise have.
This seems to be at least somewhat deliberate, although I don't know
why:
https://anongit.mindrot.org/openssh.git/commit/?id=3a13cb543df9919aec2fc6b75f3dd3802facaeca
--
Colin Watson [cjwatson@debian.org]
Reply to: