The host key signature algorithms to be used in server authentication and
host-based authentication can be selected in the
sshd2_config
file using the
HostKeyAlgorithms
keyword. The keyword defines the host key
signature algorithms that the server will propose and accept to authenticate the
host. Using the keyword, it is possible to enable only certain hash functions,
such as SHA-2. A message is signed with a hash generated using a signature
algorithm and then verified by the receiver using the same signature algorithm.
Multiple host key algorithms can be specified as a comma-separated list.
HostKeyAlgorithms ssh-dss-sha224@ssh.com
The system will attempt to use the different signature algorithms in the sequence they are specified on the line. The client should have at least one algorithm in common with the server configuration. The supported signature algorithms are the following:
ssh-dss | ssh-rsa |
ssh-dss-sha224@ssh.com | ssh-rsa-sha224@ssh.com |
ssh-dss-sha256@ssh.com | ssh-rsa-sha256@ssh.com |
ssh-dss-sha384@ssh.com | ssh-rsa-sha384@ssh.com |
ssh-dss-sha512@ssh.com | ssh-rsa-sha512@ssh.com |
x509v3-sign-dss | x509v3-sign-rsa |
x509v3-sign-dss-sha224@ssh.com | x509v3-sign-rsa-sha224@ssh.com |
x509v3-sign-dss-sha256@ssh.com | x509v3-sign-rsa-sha256@ssh.com |
x509v3-sign-dss-sha384@ssh.com | x509v3-sign-rsa-sha384@ssh.com |
x509v3-sign-dss-sha512@ssh.com | x509v3-sign-rsa-sha512@ssh.com |
Special values for this option are the following:
The default host key signature algorithms are:
ssh-rsa | x509v3-sign-dss |
ssh-rsa-sha256@ssh.com | x509v3-sign-dss-sha256@ssh.com |
ssh-dss | x509v3-sign-rsa |
ssh-dss-sha256@ssh.com | x509v3-sign-rsa-sha256@ssh.com |