Looking for a working example of sshd_config setup fille

bruce badouglas at gmail.com
Tue Aug 19 14:13:09 UTC 2025 

hi collin..

so, ur basically saying..  keep the keys, just update the client/server for
completeness and u should be ok.  which means u could also remove the lines
the op had in the server sshd_config.

did it get that right


On Tue, Aug 19, 2025, 9:44 AM Colin Watson <cjwatson at ubuntu.com> wrote:

> On Tue, Aug 19, 2025 at 07:32:28AM -0400, bruce wrote:
> >On Tue, Aug 19, 2025 at 4:39 AM Colin Watson <cjwatson at ubuntu.com> wrote:
> >> On Mon, Aug 18, 2025 at 09:09:59PM -0400, bruce wrote:
> >> >I would suspect the initial system, the client that was used to setup
> the
> >> >initial keys, used the earlier Sha rsa.  He might try re-running the
> key
> >> >creation process on the client, if the os is more recent.
> >>
> >> Please don't give this advice.  The switch to newer signature algorithms
> >> (from ssh-rsa to rsa-sha2-*) is transparent if both the client and the
> >> server support it: it does _not_ require regenerating keys.
> >
> >  if the user runs the same process with the same keys, wouldn't the
> >user get the same response, which isn't working.
> >
> >If the issue is the older ssh-rsa key, are you implying that that key
> >would be useful/err free if the client/server handles the rsa-sha2?
> >(even with old key) Or does the user have to regen, using the rsa-sha2
> >implementation?
>
> The ssh-rsa and rsa-sha2-* SSH signature algorithms use the exact same
> keys; they just use a different process for making signatures using
> those keys.  There is no need to regenerate keys here.
>
> This is a case where a lot of people got hung up on a confusing entry in
> some release notes and started propagating a lot of misinformation about
> needing to switch away from RSA or to regenerate keys.  But it's really
> not needed.  Just use reasonably current versions of SSH clients and
> servers and you'll be fine.
>
> --
> Colin Watson (he/him)                              [cjwatson at ubuntu.com]
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20250819/8d5bb03a/attachment-0001.html>

More information about the ubuntu-users mailing list