server-sig-algs
extensions.Note: some implementations may be limited to client-side - i.e., we provide a capability for the client to detect if the server supports the extension and then use it, but our server does not publish it as being supported.
Section | Extension | Client | Server |
---|---|---|---|
4.3 | posix-rename@openssh.com | Yes | Yes |
4.4 | statvfs@openssh.com | Yes | Yes |
4.4 | fstatvfs@openssh.com | Yes | Yes |
4.5 | hardlink@openssh.com | Yes | Yes |
4.6 | fsync@openssh.com | Yes | Yes |
4.7 | lsetstat@openssh.com | Yes | Yes |
4.8 | limits@openssh.com | Yes | Yes |
4.10 | copy-data | Yes | Yes |
supported
- DRAFT 05 - section 4.4supported2
- DRAFT 13 section 5.4versions
- DRAFT 09 Section 4.6vendor-id
- DRAFT 09 - section 4.4acl-supported
- DRAFT 11 - section 5.4newline
- DRAFT 09 Section 4.3md5-hash
, md5-hash-handle
- DRAFT 09 - section 9.1.1check-file-handle
, check-file-name
- DRAFT 09 - section 9.1.2copy-file
, copy-data
- DRAFT 00 - sections 6, 7space-available
- DRAFT 09 - section 9.2filename-charset
, filename-translation-control
- DRAFT 13 - section 6 - only client sidediffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1, diffie-hellman-group14-sha256 , diffie-hellman-group15-sha512, diffie-hellman-group16-sha512, diffie-hellman-group17-sha512, diffie-hellman-group18-sha512 , ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256, curve25519-sha256@libssh.org, curve448-sha512
If Bouncy Castle is present, the following post-quantum cryptography (PQC) hybrid key exchanges are also supported: sntrup761x25519-sha512, sntrup761x25519-sha512@openssh.com, mlkem768x25519-sha256, mlkem768nistp256-sha256, and mlkem1024nistp384-sha384.
net.i2p.crypto.eddsa
as an optional dependency - if both are present, net.i2p.crypto.eddsa
is used) , sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com , ssh-rsa-cert-v01@openssh.com, ssh-dss-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com , ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com , ecdsa-sha2-nistp521-cert-v01@openssh.comNote: The above list contains all the supported security settings in the code. However, in accordance with the latest recommendations the default client/server setup includes only the security settings that are currently considered safe to use. Users who wish to include the unsafe settings must do so explicitly. The following settings have been deprecated and are no longer included in the default setup:
Caveat:: According to RFC 8332 - section 3.31
Implementation experience has shown that there are servers that apply authentication penalties to clients attempting public key algorithms that the SSH server does not support.
When authenticating with an RSA key against a server that does not implement the “server-sig-algs” extension, clients MAY default to an “ssh-rsa” signature to avoid authentication penalties. When the new rsa-sha2-* algorithms have been sufficiently widely adopted to warrant disabling “ssh-rsa”, clients MAY default to one of the new algorithms.
This means that users that encounter this (and related) problems must modify the supported security settings explicitly in order to avoid the issue.
Special notice: ssh-rsa
was left in as part of the default setup since there are still a lot of systems / users using it. However, in future version it will be removed from the default. We therefore strongly encourage users to migrate to other keys (e.g. ECDSA, ED25519) as soon as possible.