14
iamrp
4y

OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm. The better alternatives include:

1. RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa" but use the safe SHA-2 hash algorithms (now used by default if the client and server support them).

2. The ssh-ed25519 signature algorithm.

3. ECDSA algorithms: ecdsa-sha2-nistp256/384/521.

In this release, support for FIDO/U2F hardware tokens. Also noteworthy, a future release of OpenSSH will enable UpdateHostKeys by default to allow the client to automatically migrate to better algorithms.

Comments
Add Comment