OpenBSD Journal

RSA/SHA1 signature type disabled by default in OpenSSH

Contributed by rueda on from the Really Senile Algorthms dept.

In a message to tech@ Damien Miller (djm@) explained the consequences of his recent commit:

RSA/SHA1, a.k.a the "ssh-rsa" signature type is now disabled by default
in OpenSSH.

While The SSH protocol confusingly uses overlapping names for key and
signature algorithms, this does not stop the use of RSA keys and there
is no need to regenerate "ssh-rsa" keys - most servers released in the
last five years will automatically negotiate the use of RSA/SHA-256/512

This has been coming for a long time, but I do expect it will be
distruptive for some people as there are likely to be some devices
out there that cannot be upgraded to support the safer algorithms.

In these cases, it is possible to selectively re-enable RSA/SHA1
support by specifying PubkeyAcceptedAlgorithms=+ssh-rsa in the
ssh_config(5) or sshd_config(5) for the endpoint.

Please report any problems here, to bugs@ or to openssh@


  • The "ssh-rsa" signature type is now disabled by default.
  • "ssh-rsa" signatures can be selectively re-enabled if necessary.
  • RSA ("ssh-rsa") keys are not affected by this change and remain valid.

(Comments are closed)


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]