search for: ohashalg

...ssh.com. Below is a summary of changes. More detail may be found in the ChangeLog in the portable OpenSSH tarballs. Thanks to the many people who contributed to this release. Changes since OpenSSH 9.2 ========================= New features ------------ * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection. bz3493 * sshd(8): add a `sshd -G` option that parses and prints the effective configuration without attempting to load private keys and perform other checks. This allows usage of the option before keys ha...

...ction and portable OpenSSH was not compiled with the ldns library (--with-ldns). getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This problem was found by the Coverity static analyzer. New features ------------ * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection. bz3493 * sshd(8): add a `sshd -G` option that parses and prints the effective configuration without attempting to load private keys and perform other checks. This allows usage of the option before keys ha...

...martcard that lacked > support for particular signature algorithms was used to store > host keys. > > * ssh-keygen(1): when using RSA keys to sign messages with > "ssh-keygen -Y", select the signature algorithm based on the > requested hash algorithm ("-Ohashalg=xxx"). This allows using > something other than the default of rsa-sha2-512, which may not > be supported on all signing backends, e.g. some smartcards only > support SHA256. > > * ssh(1), sshd(8), ssh-keyscan(1): fix ML-KEM768x25519 KEX on > big-endian systems....

...situations where a PKCS#11 smartcard that lacked support for particular signature algorithms was used to store host keys. * ssh-keygen(1): when using RSA keys to sign messages with "ssh-keygen -Y", select the signature algorithm based on the requested hash algorithm ("-Ohashalg=xxx"). This allows using something other than the default of rsa-sha2-512, which may not be supported on all signing backends, e.g. some smartcards only support SHA256. * ssh(1), sshd(8), ssh-keyscan(1): fix ML-KEM768x25519 KEX on big-endian systems. * Many regression and inter...