This has been fixed upstream, as shown in [1] and is available in jammy.
[1] https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 ** Also affects: openssh (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: openssh (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: openssh (Ubuntu Hirsute) Importance: Undecided Status: New ** Changed in: openssh (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Committed Status in openssh source package in Focal: New Status in openssh source package in Hirsute: New Status in openssh source package in Impish: New Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
