That's because the query lists key types and not signature types.
They are somewhat separate things and we're still trying to
figure out how best to untangle them.
On Thu, 24 May 2018, Yegor Ievlev wrote:
> By default "ssh -Q key" doesn't show more secure rsa-sha2-512
and
> rsa-sha2-256 key algorithms. This PR shows them unless the user
> specifies that they only want key algorithms that support encryption.
>
> ssh.c:
> 744c744
> < cp = sshkey_alg_list(0, 0, 0, '\n');
> ---
> > cp = sshkey_alg_list(0, 0, 1, '\n');
> 746c746
> < cp = sshkey_alg_list(1, 0, 0, '\n');
> ---
> > cp = sshkey_alg_list(1, 0, 1, '\n');
> 748c748,750
> < cp = sshkey_alg_list(0, 1, 0, '\n');
> ---
> > cp = sshkey_alg_list(0, 1, 1, '\n');
> > else if (strcmp(optarg, "key-encrypt") == 0)
> > cp = sshkey_alg_list(0, 0, 0, '\n');
>
> Please set email of commit to koops1997+github at gmail.com and name to
> Yegor Ievlev, so commit will be attributed to me on GitHub.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>