The public key signature algorithms used in client authentication can be selected in the sshd2_config file with the AuthPublicKey.Algorithms keyword. The keyword defines the public key signature algorithms that the server will propose and accept to authenticate the user. Using the keyword, it is possible to enable only certain hash functions, such as SHA-2. The signer computes a hash of the message and signs it using the signature algorithm, and the receiver verifies the signature using the same signature algorithm. Multiple public key algorithms can be specified as a comma-separated list.
AuthPublicKey.Algorithms ssh-dss-sha224@ssh.com
The system will attempt to use the different signature algorithms in the sequence they are specified on the line. The client should have at least one algorithm in common with the server configuration. The supported signature algorithms are the following:
ssh-dss | ssh-rsa-sha384@ssh.com |
ssh-dss-sha224@ssh.com | ssh-rsa-sha512@ssh.com |
ssh-dss-sha256@ssh.com | x509v3-sign-rsa |
ssh-dss-sha384@ssh.com | x509v3-sign-rsa-sha224@ssh.com |
ssh-dss-sha512@ssh.com | x509v3-sign-rsa-sha256@ssh.com |
x509v3-sign-dss | x509v3-sign-rsa-sha384@ssh.com |
x509v3-sign-dss-sha224@ssh.com | x509v3-sign-rsa-sha512@ssh.com |
x509v3-sign-dss-sha256@ssh.com | ecdsa-sha2-nistp256 |
x509v3-sign-dss-sha384@ssh.com | ecdsa-sha2-nistp384 |
x509v3-sign-dss-sha512@ssh.com | ecdsa-sha2-nistp521 |
ssh-rsa | x509v3-ecdsa-sha2-nistp256 |
ssh-rsa-sha224@ssh.com | x509v3-ecdsa-sha2-nistp384 |
ssh-rsa-sha256@ssh.com | x509v3-ecdsa-sha2-nistp521 |
Special values for this option are the following:
Any: includes all supported signature algorithms.
AnyStd: includes the following signature algorithms from the IETF SSH standards: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521, x509v3-sign-dss, x509v3-sign-rsa, ssh-dss, and ssh-rsa.
AnyPublicKeyAlgorithm: the same as Any.
AnyStdPublicKeyAlgorithm: the same as AnyStd.
The default public key signature algorithms are:
ecdsa-sha2-nistp256 | ssh-rsa-sha256@ssh.com |
ecdsa-sha2-nistp384 | ssh-dss |
ecdsa-sha2-nistp521 | ssh-dss-sha256@ssh.com |
x509v3-ecdsa-sha2-nistp256 | x509v3-sign-dss |
x509v3-ecdsa-sha2-nistp384 | x509v3-sign-dss-sha256@ssh.com |
x509v3-ecdsa-sha2-nistp521 | x509v3-sign-rsa |
ssh-rsa | x509v3-sign-rsa-sha256@ssh.com |
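The following Python example is added here and is not part of the product or its documentation. It reads sshd2_config text, expands the special values, and reports unsupported names and SHA-1 based algorithms in the effective list, including the case where the keyword is absent and the defaults apply. Assumptions: '#' starts a comment, the keyword is matched case-insensitively, the last occurrence wins, the order of the default list, and the SHA-1 classification of the bare x509v3-sign-* names.

```python
# Added example, not vendor code. Algorithm names and sets are those listed on the page.
EC = [p + "ecdsa-sha2-nistp" + n for p in ("", "x509v3-") for n in ("256", "384", "521")]
BASES = ("ssh-dss", "ssh-rsa", "x509v3-sign-dss", "x509v3-sign-rsa")
SHA2 = [f"{b}-sha{n}@ssh.com" for b in BASES for n in (224, 256, 384, 512)]
SUPPORTED = EC + list(BASES) + SHA2  # the 26 supported names
ANY_STD = EC + list(BASES)           # the AnyStd set
# Default set from the page; the relative order used here is an assumption.
DEFAULT = EC + [a for b in BASES for a in (b, f"{b}-sha256@ssh.com")]
SPECIAL = {"Any": SUPPORTED, "AnyPublicKeyAlgorithm": SUPPORTED,
           "AnyStd": ANY_STD, "AnyStdPublicKeyAlgorithm": ANY_STD}


def uses_sha1(name):
    # ssh-dss and ssh-rsa sign with SHA-1 (RFC 4253); treating the bare
    # x509v3-sign-* names the same way is an assumption of this example.
    return name in BASES


def expand(value):
    """Expand a comma-separated value into (ordered algorithms, unknown names)."""
    algs, unknown = [], []
    for token in filter(None, (t.strip() for t in value.split(","))):
        for name in SPECIAL.get(token, [token]):
            if name not in SUPPORTED:
                unknown.append(name)
            elif name not in algs:  # keep first position, drop duplicates
                algs.append(name)
    return algs, unknown


def audit(config_text):
    """Return the effective algorithm list, unknown names and SHA-1 based entries."""
    algs, unknown = list(DEFAULT), []  # keyword absent: the defaults apply
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # assumption: '#' comments
        # Assumptions: keyword is case-insensitive and the last occurrence wins.
        if len(parts) == 2 and parts[0].lower() == "authpublickey.algorithms":
            algs, unknown = expand(parts[1])
    return {"algorithms": algs, "unknown": unknown,
            "sha1": [a for a in algs if uses_sha1(a)]}


# Constructed sample configuration; "ssh-rsa-sha1" is a deliberately invalid name.
SAMPLE = """\
# constructed sample
AuthPublicKey.Algorithms ecdsa-sha2-nistp256,ssh-rsa-sha256@ssh.com,ssh-rsa,ssh-rsa-sha1
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running the audit on a configuration that does not set the keyword shows which default algorithms would need to be removed to restrict client authentication to SHA-2.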