ssh backend: Change the default signature algorithm to rsa-sha2-256 #9726
Conversation
|
|
|
Hi @thomas-maurice , Thanks for the PR. My concern with this change is that it may break existing deployments. I agree it's unfortunate that the default is no longer supported by newer OSes, but I'm not sure that's yet reason enough for this change. |
|
@ncabatoff this change only affects the setups that have not forced the algorithm to be rsa-sha1. Also I am not sure how it would break existing deployments as the rsa-sha1 signature algorithm is now deprecated anyways and the issued certs just won't work |
|
@ncabatoff I just ran into this exact same issue. Having the default be something that is still accepted in modern openssh versions would really help a lot. Or at least put a disclaimer onto the documentation page and an example of how to manually change this |
|
I believe that this is (at least partially) addressed by #9824. The backend will use the key's signing algorithm if none is provided so if a cert has been signed with rsa-sha2-256, it will use that as the |
The current default rsa-sha1 signature algorithm for SSH certificates is now no longer accepted by modern versions of SSH (> 8.2).
It would make sense to update it to another algorithm that works out of the box and provides an increased level of security.