search for: include_sigonly

...sa-sha2-512 > rsa-sha2-256 Those are "sign only" algorithms that use the same RSA keys but with a stronger signature algorithms. It looks like the advice in sshd_config(5) is not accurate (I think ssh -Q needs an option that calls sshkey_alg_list with certs_only=0, plain_only=0 and include_sigonly=1 for this case). > Only in `ssh -Q key`: > ssh-dss > ssh-dss-cert-v01 at openssh.com The list in sshd_config(5) is the types allowed by default, and DSA (aka ssh-dss) keys are no longer allowed by default. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19...

https://bugzilla.mindrot.org/show_bug.cgi?id=2680 Bug ID: 2680 Summary: Regression in server-sig-algs offer in 7.4p1 (Deprecation of SHA1 is not being enforced) Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

Hi, OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a feature release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at