[Bug 1871465] Re: ssh_config(5) contains outdated information
Athos Ribeiro
1871465 at bugs.launchpad.net
Wed Nov 17 12:33:59 UTC 2021
This has been fixed upstream, as shown in [1] and is available in jammy.
[1] https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636
** Also affects: openssh (Ubuntu Impish)
Importance: Undecided
Status: New
** Also affects: openssh (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: openssh (Ubuntu Hirsute)
Importance: Undecided
Status: New
** Changed in: openssh (Ubuntu)
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1871465
Title:
ssh_config(5) contains outdated information
Status in openssh package in Ubuntu:
Fix Committed
Status in openssh source package in Focal:
New
Status in openssh source package in Hirsute:
New
Status in openssh source package in Impish:
New
Bug description:
The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list
of CACertificateAlgorithms. However the latest `openssh-client` still
ships the man page for ssh_config(5) that contains the following
description:
CASignatureAlgorithms
Specifies which algorithms are allowed for signing of certificates
by certificate authorities (CAs). The default is:
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
ssh(1) will not accept host certificates signed using algorithms
other than those specified.
As far as I am concerned, `ssh-rsa` should be dropped from the list so
as to match the behavior of ssh(1).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions
More information about the foundations-bugs
mailing list