ssh -Q key not listing all key types?
I am having some problems with understanding which types of host keys my SSH daemon actually provides or supports (stock debian buster, sshd 7.9.p1). From the manual (
HostKeyAlgorithms Specifies the host key algorithms that the server offers. The default for this option is: email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com,firstname.lastname@example.org, email@example.com, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa The list of available key types may also be obtained using "ssh -Q key".
Please note the last line. When following the advice given there:
root@odysseus /var/log # ssh -Q key ssh-ed25519 firstname.lastname@example.org ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com
I've got two questions:
As an example, the man page states that
rsa-sha2-256is part of the default for
HostKeyAlgorithms. But this string does not appear in the output of
ssh -Q key.
How does this fit together? How can something be a default which even doesn't exist?
The above example implies that
ssh-rsamight be insecure, because it doesn't have
sha2in its name, and thus might be
What does the string
-firstname.lastname@example.org some of the algorithm type names mean? Are these the types for certificate-based authentication?
What you're asking for here with
ssh -Q keyis a listing of all the key types. With the
rsa-sha2-256signature algorithm, as well as the obsolete
ssh-rsa(RSA with SHA-1) algorithm, the key type is still
ssh-rsa, since both types of signatures use the exact same key. If you want to know what signature types are available, run
ssh -Q sig(example from my Debian sid system):
$ ssh -Q sig ssh-ed25519 email@example.com ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 firstname.lastname@example.org email@example.com
On newer versions of OpenSSH, you also have
ssh -Q HostKeyAlgorithms, which prints the values that are valid in that option:
$ ssh -Q HostKeyAlgorithms ssh-ed25519 firstname.lastname@example.org email@example.com firstname.lastname@example.org ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org
Note that whether your fingerprint is SHA-2 or not has nothing to do with the signature algorithm. If you generate an RSA key, it can be used for both SHA-1 and SHA-2 signature unless you specify otherwise. You would typically want to remove
HostKeyAlgorithmsoption unless you have a compelling reason to use it, or you can just solve the problem entirely by using an Ed25519 key, which always uses a secure algorithm.
-email@example.com indicates an OpenSSH certificate. This is useful if you have a controlled environment, like a company, and you want to create a certificate authority to sign OpenSSH keys and restrict access to only those keys.