On 9/20/20 10:11 AM, Pavel Raiskup wrote:
> I'm curious about the effects of the change. It claims that RSA 2048 >= should
> stay accepted by DEFAULT, and from what I can tell the host server key seems to
> be RSA 2048 (at least that's what is generated by default on Debian 9):
>
> $ ssh-keygen -l -f ssh_host_rsa_key.pub
> 2048 SHA256:<...> root@debian-9-host (RSA)

Sure, but the PubkeyAcceptedKeyTypes doesn't influence acceptable server
host keys (and if it did, the client should simply use another one of
the server's keys). PubkeyAcceptedKeyTypes influences what key types
the client will try to use for authentication.