OpenSSH: Why ssh-rsa but not rsa-sha2-256/512 for HostKeyAlgorithms? #119
Comments
Jakuje
added a commit
to Jakuje/infosec.mozilla.org
that referenced
this issue
May 25, 2022
The recommendation for clients is very outdated not mentioning any RSA-SHA2 algorithms that are standardized for 4 years and the old RSA-SHA1 disabled in OpenSSH upstream causing interoperability problems for people following these guides https://datatracker.ietf.org/doc/html/rfc8332 https://www.openssh.com/txt/release-8.8 Resolves: mozilla#119
This was referenced May 25, 2022
|
If this isn't going to be maintained (even has a PR pending), it should be unpublished and archived, lest Mozilla recommend bad security practices for the world to stumble upon. The default configuration is more secure than your "modern" configuration and both of your configurations can not connect to some modern servers (offering only an RSA hostkey and thus only rsa-sha2-512,rsa-sha2-256). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The OpenSSH client guidelines include
ssh-rsa, but notrsa-sha2-256orrsa-sha2-512inHostKeyAlgorithms. I couldn't find the rationale and wondered if that's worth reconsidering.I'm raising the issue because the OpenSSH 8.2 release notes mention disabling
ssh-rsain "a near-future release" and listrsa-sha2-256/512as alternatives. Testing on my own systems revealed that github.com currently offersssh-dss,rsa-sha2-512,rsa-sha2-256,ssh-rsawhich is not acceptable withssh-rsaremoved from the current recommendation.Thanks for considering,
Kevin
The text was updated successfully, but these errors were encountered: