Looking for a working example of sshd_config setup file

Colin Watson cjwatson at ubuntu.com
Tue Aug 19 13:42:28 UTC 2025


On Tue, Aug 19, 2025 at 07:32:28AM -0400, bruce wrote:
>On Tue, Aug 19, 2025 at 4:39 AM Colin Watson <cjwatson at ubuntu.com> wrote:
>> On Mon, Aug 18, 2025 at 09:09:59PM -0400, bruce wrote:
>> >I would suspect the initial system, the client that was used to set up the
>> >initial keys, used the earlier Sha rsa.  He might try re-running the key
>> >creation process on the client, if the os is more recent.
>>
>> Please don't give this advice.  The switch to newer signature algorithms
>> (from ssh-rsa to rsa-sha2-*) is transparent if both the client and the
>> server support it: it does _not_ require regenerating keys.
>
>If the user runs the same process with the same keys, wouldn't the
>user get the same response, which isn't working?
>
>If the issue is the older ssh-rsa key, are you implying that that key
>would be useful/err free if the client/server handles the rsa-sha2?
>(even with old key) Or does the user have to regen, using the rsa-sha2
>implementation?

The ssh-rsa and rsa-sha2-* SSH signature algorithms use the exact same 
keys; they just use a different process for making signatures using 
those keys.  There is no need to regenerate keys here.

This is a case where a lot of people got hung up on a confusing entry in 
some release notes and started propagating a lot of misinformation about 
needing to switch away from RSA or to regenerate keys.  But it's really 
not needed.  Just use reasonably current versions of SSH clients and 
servers and you'll be fine.

-- 
Colin Watson (he/him)                              [cjwatson at ubuntu.com]
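
The point made in the reply above (same RSA key, different signature process), as an added example that is not part of the original message: a toy PKCS#1 v1.5 signer in which the three SSH signature algorithm names differ only in the hash and its DigestInfo prefix. The key is a constructed, insecure demo key built from two Mersenne primes, and the function names are illustrative.

```python
import hashlib

# Constructed toy RSA key from two Mersenne primes (insecure, demo only).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # one private exponent for every algorithm
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# SSH signature algorithm name -> (hash, DER DigestInfo prefix from RFC 8017).
# The key itself is the same "ssh-rsa" key type in all three cases.
SIG_ALGS = {
    "ssh-rsa": ("sha1", bytes.fromhex("3021300906052b0e03021a05000414")),
    "rsa-sha2-256": ("sha256", bytes.fromhex("3031300d060960864801650304020105000420")),
    "rsa-sha2-512": ("sha512", bytes.fromhex("3051300d060960864801650304020305000440")),
}

def encode(alg, data):
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo || hash."""
    hash_name, prefix = SIG_ALGS[alg]
    t = prefix + hashlib.new(hash_name, data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(alg, data):
    """Sign with the one private key; only the encoding depends on alg."""
    return pow(int.from_bytes(encode(alg, data), "big"), D, N).to_bytes(K, "big")

def verify(alg, data, sig):
    """Verify with the one public key (N, E) under the named algorithm."""
    recovered = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return recovered == encode(alg, data)

if __name__ == "__main__":
    msg = b"constructed session data"
    for alg in SIG_ALGS:
        sig = sign(alg, msg)
        print(alg, "verifies:", verify(alg, msg, sig), "sig starts", sig[:6].hex())
```
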


