> Hi, > > RSA/SHA1, a.k.a the "ssh-rsa" signature type is now disabled by default > in OpenSSH. > > While The SSH protocol confusingly uses overlapping names for key and > signature algorithms, this does not stop the use of RSA keys and there > is no need to regenerate "ssh-rsa" keys - most servers released in the > last five years will automatically negotiate the use of RSA/SHA-256/512 > signatures.
I tested with an OpenBSD test VM upgraded from 6.9 to the latest snapshot. On my (Windows) Client I use MobaXTerm to connect to SSH sessions. In the authlog I can see the following: Sep 8 22:56:13 openbsd01 sshd[59648]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth] Sep 8 22:56:13 openbsd01 sshd[59648]: error: Received disconnect from <***> port 56358:14: No supported authentication methods available [preaut h] I suspect this is more of a problem with MobaXTerm tho than with OpenSSH, but maybe someone has similar experiences. I will also forward this to the MobaXTerm people and report back Simon
signature.asc
Description: PGP signature
