On 2021/09/08 09:03, Damien Miller wrote: > This is a case of the host key algorithm not matching, so you > should use HostKeyAlgorithms=+ssh-rsa - I'll make sure to mention > this in the release notes.
People seem to really be having a hard time grasping what's being disabled by default. And it doesn't help with the confusion that a large well-known site doing a lot of SSH traffic for many users are handling ssh-rsa deprecation as "old user RSA keys will still work with SHA-1 but new ones will need SHA-2" (creating an artificial link between user keys and host key algorithm that doesn't exist in the protocol).
