Package: openssh-client Version: 1:7.4p1-6 Severity: normal ssh_config(5) lists "ssh -Q key" as the way to discover valid algorithms for the HostKeyAlgorithms page. However, neither the man page nor that option lists the rsa-sha2-256 and rsa-sha2-512 options.
Since these values are not documented, users are likely to omit them, resulting in negotiating weaker signature algorithms (RSA/SHA-1) than they might otherwise have. -- System Information: Debian Release: 9.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openssh-client depends on: ii adduser 3.115 ii dpkg 1.18.22 ii libc6 2.24-9 ii libedit2 3.1-20160903-3 ii libgssapi-krb5-2 1.15-1 ii libselinux1 2.6-3 ii libssl1.0.2 1.0.2k-1 ii passwd 1:4.4-3 ii zlib1g 1:1.2.8.dfsg-5 Versions of packages openssh-client recommends: ii xauth 1:1.0.9-1 Versions of packages openssh-client suggests: pn keychain <none> pn libpam-ssh <none> pn monkeysphere <none> pn ssh-askpass <none> -- no debconf information -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: https://keybase.io/bk2204
signature.asc
Description: PGP signature
