
Running on macOS, I see these available key algorithms:

$ ssh -V
OpenSSH_8.1p1, LibreSSL 2.7.3
$ ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com

The only RSA algorithms are ssh-rsa and ssh-rsa-cert-v01@openssh.com.

However, if I set this in my .ssh/config, there are no errors:

Host *
    HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256

But supplying garbage doesn't work, so these algorithms must be supported:

Host *
    HostKeyAlgorithms foo
$ ssh whatever
/Users/scott/.ssh/config line 35: Bad key types 'foo'.

Why are the rsa-sha2-512 and rsa-sha2-256 algorithms supported but not reported by ssh -Q key? Are there any other hidden algorithms that are supported? Is there any way to find them other than searching the source?

  • wow... what are the odds that you asked this in the same hour I was looking for this. I found that removing ssh-rsa from the HostKeyAlgorithms also removes rsa-sha2-256 and rsa-sha2-512. I'm trying to find a way of disabling ONLY ssh-rsa (Ubuntu 18.04 - OpenSSH 7.6p1) Commented Sep 9, 2021 at 17:07
  • @JonathonAnderson: it shouldn't, and doesn't on my 18.04 test system; ssh -vv -oHostKeyAlgorithms=-ssh-rsa still offers both rsa-sha2 methods -- plus ssh-rsa-cert-v01@openssh.com which is just as insecure as ssh-rsa but has a different name. Maybe you should post a question about your problem, although superuser might be more suitable than here. Commented Sep 10, 2021 at 2:05
  • @dave_thomson_085 I think we're doing two different things. I was modifying sshd_config to change sshd server behavior. It looks like you're changing client behavior Commented Sep 11, 2021 at 17:14

1 Answer


The reason is that ssh -Q key asks about key types, not signature types.

For most key types in SSH, there is but one signature type: ecdsa-sha2-nistp384 will always use SHA-384, for example. However, an RSA key, which has type ssh-rsa, can be used with one of three signature algorithms: SHA-1, which confusingly is also called ssh-rsa; SHA-256 (rsa-sha2-256); or SHA-512 (rsa-sha2-512). The key type does not change, but the signature type does.

To determine signature types, you need ssh -Q sig, which, on my system with OpenSSH 8.4, prints the following:

ssh-ed25519
sk-ssh-ed25519@openssh.com
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
sk-ecdsa-sha2-nistp256@openssh.com
webauthn-sk-ecdsa-sha2-nistp256@openssh.com
  • And recent release notes warn OpenSSH plans to deprecate the ssh-rsa signature but not the key type, since it is, as you say, used by other signatures; see e.g. openssh.com/txt/release-8.7 Commented Sep 10, 2021 at 2:03
  • This makes perfect sense! Thank you for the answer. It seems like HostKeyAlgorithms might be poorly named, and perhaps man ssh_config for that setting is incomplete, as ssh -Q key is mentioned there, but not -Q sig. Commented Sep 12, 2021 at 3:57
  • In the latest version, there is now -Q HostKeyAlgorithms, which if it is aliased properly might solve this confusion. man.openbsd.org/ssh#Q man.openbsd.org/ssh_config#HostKeyAlgorithms, Commented Sep 12, 2021 at 4:04
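
A way to check all of this on your own machine, added here as an example and not part of the question or the answer above: the set difference between ssh -Q sig and ssh -Q key is exactly the list of signature-only names, and ssh -G (which parses the configuration and dumps it instead of connecting) shows what a HostKeyAlgorithms value expands to, including the "-" form that removes only the SHA-1 ssh-rsa signature while leaving rsa-sha2-256 and rsa-sha2-512 available for the same RSA keys. It assumes an OpenSSH 8.x or later client in PATH; "dummyhost" is a placeholder name and no connection is ever made, and the file name hostkeyalgs.sh is only what the run hint below calls it.

```sh
#!/bin/sh
# Added example, not code from the original question or answer.
# Assumes an OpenSSH client (`ssh`) in PATH that supports `ssh -Q sig`
# and `ssh -G` (OpenSSH 8.x or later). "dummyhost" is a placeholder:
# no connection is made at any point.

# 1. Signature algorithms that `ssh -Q key` hides: everything `ssh -Q sig`
#    lists that is not also a key type. On OpenSSH 8.x this is where
#    rsa-sha2-256 and rsa-sha2-512 show up.
sigonly_algs() {
    keyfile=$(mktemp) || return 1
    ssh -Q key > "$keyfile"
    # -x: whole-line match, -F: fixed strings, -v: print the non-matches
    ssh -Q sig | grep -vxF -f "$keyfile"
    rm -f "$keyfile"
}

# 2. What a HostKeyAlgorithms value expands to, as the client sees it.
#    `-G` parses the configuration and dumps it instead of connecting;
#    `-F /dev/null` ignores ~/.ssh/config so only the value under test
#    counts. A value the client rejects ("Bad key types ...") makes ssh
#    exit before the dump, so the function prints nothing for it.
hostkeyalgs_effective() {
    ssh -G -F /dev/null -o "HostKeyAlgorithms=$1" dummyhost 2>/dev/null |
        awk '/^hostkeyalgorithms /{ print $2 }'
}

# 3. Drop only the SHA-1 signature algorithm (and its certificate form)
#    from the default list. The leading `-` subtracts from the defaults,
#    so rsa-sha2-256/512 stay and the same RSA keys remain usable.
without_sha1_rsa() {
    hostkeyalgs_effective '-ssh-rsa,ssh-rsa-cert-v01@openssh.com'
}

# Human-readable summary of the three checks above.
report() {
    printf 'Signature algorithms not listed by ssh -Q key:\n'
    sigonly_algs | sed 's/^/  /'
    printf '\nHostKeyAlgorithms rsa-sha2-512,rsa-sha2-256 expands to:\n  %s\n' \
        "$(hostkeyalgs_effective rsa-sha2-512,rsa-sha2-256)"
    printf '\nHostKeyAlgorithms foo expands to: "%s" (rejected by the client)\n' \
        "$(hostkeyalgs_effective foo)"
    printf '\nHostKeyAlgorithms -ssh-rsa,ssh-rsa-cert-v01@openssh.com expands to:\n'
    without_sha1_rsa | tr ',' '\n' | sed 's/^/  /'
}

# Print the report only when invoked as `sh hostkeyalgs.sh report`, so the
# functions can also be sourced into another script without side effects.
if [ "${1:-}" = report ]; then
    report
fi
```

Run it as sh hostkeyalgs.sh report. The first block of output answers the question directly (on 8.x you should see rsa-sha2-256 and rsa-sha2-512, plus whatever other signature-only names your build has), and the last block shows that subtracting ssh-rsa from the defaults keeps the rsa-sha2 entries, so RSA host keys still work, just not with SHA-1. To confirm what a real connection negotiated, look for the "kex: host key algorithm:" line in ssh -v output. The server-side counterpart is the HostKeyAlgorithms keyword in sshd_config; sshd -T (run as a user who can read the host keys, normally root) dumps the effective server configuration the way ssh -G does for the client.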
