PSA: Your ssh-rsa keys are NOT BEING DEPRECATED in ssh. ssh-rsa keys can, under the hood, be used with SHA-1 signatures or SHA-256 signatures. You don't need to regenerate your keys. No need to panic.
Show this thread
-
OpenSSH's advisory was worded very confusingly, but the way it works is that ssh-rsa *keys* can be used with both the ssh-rsa *algorithm* and the rsa-sha2-256 *algorithm*. If both sides support the latter then there is no SHA1 in use.
Show this thread
This also applies to hardware tokens, e.g. YubiKeys. The token doesn't know nor care how its ssh-rsa support is being used. It works fine. Use `ssh -vvv` to check for rsa-sha2-512 or rsa-sha2-256.
![Adam [he/him]](https://pbs.twimg.com/profile_images/2328235588/mky7liyb93paqco9cfuk_normal.gif)
-
-
That said, if you're reconfiguring servers and clients anyway, wouldn't it be a good excuse to migrate to ssh-ed25519? I've started pushing out this cipher suite config to most of my boxes: https://www.antikernel.net/temp/sshd_config …
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.