[Bug 3253] New: ssh-keygen man page still lists deprecated key types for -t

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=3253

            Bug ID: 3253
           Summary: ssh-keygen man page still lists deprecated key types
                    for -t
           Product: Portable OpenSSH
           Version: 8.4p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-b...@mindrot.org
          Reporter: markus.k...@cl.cam.ac.uk

The man page ssh-keygen.1 still lists for option "-t" only the possible
values

  dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa

However the first of these ("dsa" generating an "ssh-dss" key) is
already disabled, the last of these (rsa) seems scheduled to be
disabled, and many newer key types are missing.

In comparison, the default list of acceptable keytypes for publickey
authentication is given in sshd_config.5 under option
PubkeyAcceptedKeyTypes as

ssh-ed25519-cert-...@openssh.com,
ecdsa-sha2-nistp256-cert-...@openssh.com,
ecdsa-sha2-nistp384-cert-...@openssh.com,
ecdsa-sha2-nistp521-cert-...@openssh.com,
sk-ssh-ed25519-cert-...@openssh.com,
sk-ecdsa-sha2-nistp256-cert-...@openssh.com,
rsa-sha2-512-cert-...@openssh.com,
rsa-sha2-256-cert-...@openssh.com,
ssh-rsa-cert-...@openssh.com,
ssh-ed25519,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
sk-ssh-ed25...@openssh.com,
sk-ecdsa-sha2-nistp...@openssh.com,
rsa-sha2-512,rsa-sha2-256,ssh-rsa

Please update the list of available values after -t in ssh-keygen.1.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs