Public bug reported:
The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list
of CACertificateAlgorithms. However the latest `openssh-client` still
ships the man page for ssh_config(5) that contains the following
description:
CASignatureAlgorithms
Specifies which algorithms are allowed for signing of certificates
by certificate authorities (CAs). The default is:
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
ssh(1) will not accept host certificates signed using algorithms
other than those specified.
As far as I am concerned, `ssh-rsa` should be dropped from the list so
as to match the behavior of ssh(1).
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
** Tags: manpage
** Description changed:
The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list
of CACertificateAlgorithms. However the latest `openssh-client` still
ships the man page for ssh_config(5) that contains the following
description:
- CASignatureAlgorithms
- Specifies which algorithms are allowed for signing of
certificates by certificate authorities (CAs). The default is:
+ CASignatureAlgorithms
+ Specifies which algorithms are allowed for signing of
certificates
+ by certificate authorities (CAs). The default is:
-
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
- ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
- ssh(1) will not accept host certificates signed using
- algorithms other than those specified.
+ ssh(1) will not accept host certificates signed using algorithms
+ other than those specified.
As far as I am concerned, `ssh-rsa` should be dropped from the list so
as to match the behavior of ssh(1).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1871465
Title:
ssh_config(5) contains outdated information
Status in openssh package in Ubuntu:
New
Bug description:
The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list
of CACertificateAlgorithms. However the latest `openssh-client` still
ships the man page for ssh_config(5) that contains the following
description:
CASignatureAlgorithms
Specifies which algorithms are allowed for signing of
certificates
by certificate authorities (CAs). The default is:
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
ssh(1) will not accept host certificates signed using algorithms
other than those specified.
As far as I am concerned, `ssh-rsa` should be dropped from the list so
as to match the behavior of ssh(1).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
