Hi,

RSA/SHA1, a.k.a. the "ssh-rsa" signature type, is now disabled by default
in OpenSSH.

While the SSH protocol confusingly uses overlapping names for key and
signature algorithms, this does not stop the use of RSA keys and there
is no need to regenerate "ssh-rsa" keys - most servers released in the
last five years will automatically negotiate the use of RSA/SHA-256/512
signatures.

This has been coming for a long time, but I do expect it will be
disruptive for some people as there are likely to be some devices
out there that cannot be upgraded to support the safer algorithms.

In these cases, it is possible to selectively re-enable RSA/SHA1
support by specifying PubkeyAcceptedAlgorithms=+ssh-rsa in the
ssh_config(5) or sshd_config(5) for the endpoint.

Please report any problems here, to bugs@ or to openssh@

Thanks,
Damien

---------- Forwarded message ----------
Date: Mon, 30 Aug 2021 09:53:10
From: Damien Miller <d...@cvs.openbsd.org>
To: source-chan...@cvs.openbsd.org
Subject: CVS: cvs.openbsd.org: src

CVSROOT:        /cvs
Module name:    src
Changes by:     d...@cvs.openbsd.org    2021/08/29 17:53:10

Modified files:
        usr.bin/ssh    : myproposal.h 

Log message:
After years of forewarning, disable the RSA/SHA-1 signature algorithm
by default. It is feasible to create colliding SHA1 hashes, so we
need to deprecate its use.

RSA/SHA-256/512 remains available and will be transparently selected
instead of RSA/SHA1 for most SSH servers released in the last five+
years. There is no need to regenerate RSA keys.

The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the
PubkeyAcceptedAlgorithms directives on the client and server.

ok dtucker deraadt
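
An added example, not part of the original message or of OpenSSH: a Python check that reads ssh_config or sshd_config text and reports each line that re-enables the "ssh-rsa" signature type, separating per-endpoint exceptions from ones that apply to every host. The sample configuration and its host names are constructed, and handling of the older directive name PubkeyAcceptedKeyTypes is an assumption about what existing configs may still contain.

```python
import fnmatch
import re

# Directive named in the message, plus its older alias PubkeyAcceptedKeyTypes.
DIRECTIVES = {"pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes"}

def enables_rsa_sha1(value):
    """True if an algorithm list switches the "ssh-rsa" signature type on."""
    value = value.strip().strip('"')
    if value.startswith("-"):  # '-' removes algorithms from the default set
        return False
    patterns = value.lstrip("+^").split(",")  # '+' appends, '^' prepends
    return any(fnmatch.fnmatchcase("ssh-rsa", p.strip()) for p in patterns)

def audit(config_text):
    """Return (line_no, scope, selective) for each line enabling RSA/SHA1."""
    findings = []
    scope, broad = "global", True  # before any Host/Match, settings apply to all
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, arg = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            scope, broad = f"Host {arg}", "*" in arg.split()
        elif key == "match":
            scope, broad = f"Match {arg}", arg.strip().lower() == "all"
        elif key in DIRECTIVES and enables_rsa_sha1(arg):
            findings.append((line_no, scope, not broad))
    return findings

# Constructed sample configuration; host names are placeholders.
SAMPLE = """\
# global section
PubkeyAcceptedAlgorithms=+ssh-rsa
Host legacy-switch.example
    PubkeyAcceptedAlgorithms +ssh-rsa
Host modern.example
    PubkeyAcceptedAlgorithms -ssh-rsa
Host *
    PubkeyAcceptedKeyTypes ^ssh-rsa,ssh-ed25519
"""

if __name__ == "__main__":
    for line_no, scope, selective in audit(SAMPLE):
        verdict = "selective" if selective else "applies to every endpoint"
        print(f"line {line_no}: {scope}: {verdict}")
```

Lines reported as applying to every endpoint undo the new default everywhere; moving them under a Host or Match block for the device that needs them keeps the exception narrow.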
