On Thu, Feb 09, 2017 at 12:28:05AM +0000, brian m. carlson wrote: > ssh_config(5) lists "ssh -Q key" as the way to discover valid algorithms > for the HostKeyAlgorithms page. However, neither the man page nor that > option lists the rsa-sha2-256 and rsa-sha2-512 options. > > Since these values are not documented, users are likely to omit them, > resulting in negotiating weaker signature algorithms (RSA/SHA-1) than > they might otherwise have.
This seems to be at least somewhat deliberate, although I don't know why: https://anongit.mindrot.org/openssh.git/commit/?id=3a13cb543df9919aec2fc6b75f3dd3802facaeca -- Colin Watson [[email protected]]
