https://bugzilla.mindrot.org/show_bug.cgi?id=3253
Darren Tucker <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #1 from Darren Tucker <[email protected]> ---
(In reply to Markus Kuhn from comment #0)
> The man page ssh-keygen.1 still lists for option "-t" only the
> possible values
>
>   dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
>
> However the first of these ("dsa" generating an "ssh-dss" key) is
> already disabled,

It's not disabled in ssh-keygen:

$ ssh-keygen -t dsa -f key -N ''
Generating public/private dsa key pair.
Your identification has been saved in key
Your public key has been saved in key.pub

> the last of these (rsa) seems scheduled to be
> disabled,

RSA keys are not scheduled to be deprecated. One authentication
algorithm that uses RSA keys with a weak hash (ie ssh-rsa, which uses
sha1) is. Existing and new RSA keys can still be used with the stronger
sha2 variants as long as both client and server support them.

> and many newer key types are missing.
>
> In comparison, the default list of acceptable keytypes for publickey
> authentication is given in sshd_config.5 under option
> PubkeyAcceptedKeyTypes as

Unfortunately that keyword is pretty misleading. It specifies
*algorithms* not *key types*. (In its defense, the lists were
equivalent when the keyword was added, they diverged later). We should
consider changing its name.

> Please update the list of available values after -t in ssh-keygen.1.

I think the list in ssh-keygen is accurate as it stands now.
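The key type versus signature algorithm distinction drawn in the comment above, as an added example that is not part of the bug report or of OpenSSH's code. It reads the key type from a public key blob and lists which entries of an accepted-algorithms list that key can sign with; the function names and the sample keys are constructed for illustration, and lines with leading authorized_keys options are not handled.

```python
import base64
import struct

# Signature algorithms usable with each RSA key type (RFC 8332 plus the
# OpenSSH certificate variants). For every other key type the algorithm
# name is identical to the key type name.
RSA_ALGORITHMS = {
    "ssh-rsa": ["rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"],
    "ssh-rsa-cert-v01@openssh.com": [
        "rsa-sha2-512-cert-v01@openssh.com",
        "rsa-sha2-256-cert-v01@openssh.com",
        "ssh-rsa-cert-v01@openssh.com",
    ],
}


def key_type_of(pubkey_line):
    """Return the key type stored inside the base64 blob of a 'type blob comment' line."""
    fields = pubkey_line.split()
    blob = base64.b64decode(fields[1])
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])  # SSH wire string: uint32 length + bytes
    if length > len(blob) - 4:
        raise ValueError("truncated key blob")
    return blob[4:4 + length].decode("ascii")


def usable_algorithms(pubkey_line, accepted):
    """Entries of the accepted-algorithms list that this key can sign with."""
    key_type = key_type_of(pubkey_line)
    candidates = RSA_ALGORITHMS.get(key_type, [key_type])
    return [alg for alg in candidates if alg in accepted]


def fake_pubkey(key_type):
    """Constructed sample: the blob holds only the type string, no real key material."""
    name = key_type.encode("ascii")
    blob = struct.pack(">I", len(name)) + name
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"


if __name__ == "__main__":
    # Constructed accepted list with the SHA-1 algorithm "ssh-rsa" removed.
    accepted = ["ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256"]
    for kt in ("ssh-rsa", "ssh-ed25519", "ssh-dss"):
        print(kt, "->", usable_algorithms(fake_pubkey(kt), accepted))
```

With "ssh-rsa" dropped from the accepted list, an RSA key (key type "ssh-rsa") is still usable through the rsa-sha2 algorithms, while a DSA key (key type "ssh-dss") matches nothing.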
