On Tue, 7 Sep 2021, Martijn van Duren wrote: > On Mon, 2021-08-30 at 10:08 +1000, Damien Miller wrote: > > Hi, > > > > RSA/SHA1, a.k.a the "ssh-rsa" signature type is now disabled by default > > in OpenSSH. > > > > While The SSH protocol confusingly uses overlapping names for key and > > signature algorithms, this does not stop the use of RSA keys and there > > is no need to regenerate "ssh-rsa" keys - most servers released in the > > last five years will automatically negotiate the use of RSA/SHA-256/512 > > signatures. > > > > This has been coming for a long time, but I do expect it will be > > distruptive for some people as there are likely to be some devices > > out there that cannot be upgraded to support the safer algorithms. > > > > In these cases, it is possible to selectively re-enable RSA/SHA1 > > support by specifying PubkeyAcceptedAlgorithms=+ssh-rsa in the > > ssh_config(5) or sshd_config(5) for the endpoint. > > > > Please report any problems here, to bugs@ or to openssh@ > > > > Thanks, > > Damien > > > Just did an update to the latest snapshot and this breaks connection > to one of the older hosts I still need to connect to from time to time. > > Reverting this diff fixes the issue for me. > > According to -G it should work: > > $ ssh -G -oPubkeyAcceptedAlgorithms=ssh-rsa 10.255.3.242 | grep -i > PubkeyAcceptedAlgorithms > pubkeyacceptedalgorithms ssh-rsa > > But when trying it for real I get the following: > martijn$ ssh -vvvv -oPubkeyAcceptedAlgorithms=ssh-rsa x.x.x.x > OpenSSH_8.7, LibreSSL 3.4.0 [snip] > Unable to negotiate with x.x.x.x port 22: no matching host key type found. > Their offer: ssh-rsa,ssh-dss > > Same difference when using -oPubkeyAcceptedAlgorithms=+ssh-rsa, or > placing it in the ssh_config(5).
This is a case of the host key algorithm not matching, so you should use HostKeyAlgorithms=+ssh-rsa - I'll make sure to mention this in the release notes. PubkeyAcceptedAlgorithms is for user authentication. Generally, you should use the "Option=+algorithm" form rather than just "Option=algorithm" - the former adds the algorithm to the end of the list, so if the destination upgrades its crypto then you're not stuck using the old algorithm. -d
