PSA: Your ssh-rsa keys are NOT BEING DEPRECATED in ssh. ssh-rsa keys can, under the hood, be used with SHA-1 signatures or SHA-256 signatures. You don't need to regenerate your keys. No need to panic.
Show this thread
OpenSSH's advisory was worded very confusingly, but the way it works is that ssh-rsa *keys* can be used with both the ssh-rsa *algorithm* and the rsa-sha2-256 *algorithm*. If both sides support the latter then there is no SHA1 in use.
-
-
This also applies to hardware tokens, e.g. YubiKeys. The token doesn't know nor care how its ssh-rsa support is being used. It works fine. Use `ssh -vvv` to check for rsa-sha2-512 or rsa-sha2-256.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I tried to migrate to ed25519 keys years ago but every once in a while I find some service or app that only supports rsa...
-
I largely migrated to ed25519 (with a backup RSA key for that stuff)... then migrated back to RSA to be able to use YubiKeys.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.