This is a pet peeve of mine: unless you have a citation for an actual viable attack on RSA as used in SSH, or perhaps on the protocol SSH uses for RSA-based authentication, this is *not* insecure at all and those changed defaults indicate that either OpenSSH or your distribution is doing something stupid.
Not disagreeing with you here, but the ssh-rsa host key deprecation actually has nothing to do with RSA.
It's because it relies on SHA-1, and SHA-1 is known to be broken. See the details here: https://www.openssh.com/txt/release-8.2 _______________________________________________ cfarm-users mailing list cfarm-users@lists.tetaneutral.net https://lists.tetaneutral.net/listinfo/cfarm-users
