In EasyMorph 5.6.0, we have updated the list of supported SSH host key algorithms and added new RSA signature algorithms rsa-sha2-256 and rsa-sha2-512.
Algorithms supported by the EasyMorph SSH command:
ssh-ed25519
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa
ssh-dss
rsa-sha2-256
rsa-sha2-512
The rsa-sha2-256 and rsa-sha2-512 algorithms are considered more secure than ssh-rsa. The reason is that the SHA-1 hash algorithm used in ssh-rsa is cryptographically broken, so SHA-1 was replaced with SHA-2. EasyMorph continues to support the ssh-rsa algorithm for compatibility with older sshd/Linux editions.
In newer Linux editions, the ssh-rsa algorithm is mostly disabled by the vendor for security reasons.
You can turn off ssh-rsa and use rsa-sha2-256 or rsa-sha2-512 for RSA keys by updating the PubkeyAcceptedAlgorithms setting in the sshd server configuration file /etc/ssh/sshd_config.
Check which algorithms your sshd/Linux server supports before updating the configuration, so that you do not lock yourself out.
PubkeyAcceptedAlgorithms
Specifies the signature algorithms that will be accepted for public key authentication as a list of comma-separated patterns. Alternately if the specified list begins with a ‘+’ character, then the specified algorithms will be appended to the default set instead of replacing them. If the specified list begins with a ‘-’ character, then the specified algorithms (including wildcards) will be removed from the default set instead of replacing them. If the specified list begins with a ‘^’ character, then the specified algorithms will be placed at the head of the default set.
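
The list semantics quoted above can be previewed before touching /etc/ssh/sshd_config. The script below is an added example, not EasyMorph or OpenSSH code: effective_algs and still_allows are hypothetical helpers, SAMPLE_DEFAULT is a constructed default set, and wildcards are modelled only for the ‘-’ form.

```shell
#!/bin/sh
# Added example: models the '+', '-', '^' list semantics quoted above.
# SAMPLE_DEFAULT is a constructed sample, not a real server's default set.
# On a real host, read the effective value with:
#   sshd -T | grep -i '^pubkeyacceptedalgorithms'
SAMPLE_DEFAULT="ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa"

# effective_algs DEFAULT SPEC -> prints the resulting comma-separated list.
# Wildcards are handled only for the '-' form (hypothetical helper).
effective_algs() {
    def=$1; spec=$2; out=""; drop=""
    set -f                                  # patterns must not glob filenames
    case "$spec" in
        '+'*) cand="$def,${spec#?}" ;;      # append to the default set
        '^'*) cand="${spec#?},$def" ;;      # place at the head of the default set
        '-'*) cand="$def"; drop="${spec#?}" ;;  # remove from the default set
        *)    cand="$spec" ;;               # replace the default set
    esac
    for name in $(printf '%s' "$cand" | tr ',' ' '); do
        case ",$out," in *",$name,"*) continue ;; esac   # drop duplicates
        skip=0
        for pat in $(printf '%s' "$drop" | tr ',' ' '); do
            case "$name" in $pat) skip=1 ;; esac          # glob match, e.g. ecdsa-*
        done
        [ "$skip" -eq 1 ] || out="${out:+$out,}$name"
    done
    set +f
    printf '%s\n' "$out"
}

# still_allows LIST NAME -> success if NAME is an exact member of LIST.
still_allows() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# Preview the change the text suggests before writing it to sshd_config.
new=$(effective_algs "$SAMPLE_DEFAULT" "-ssh-rsa")
echo "PubkeyAcceptedAlgorithms -ssh-rsa  =>  $new"
if still_allows "$new" ssh-rsa; then echo "ssh-rsa (SHA-1) is still accepted"; fi
for alg in rsa-sha2-256 rsa-sha2-512; do
    still_allows "$new" "$alg" || echo "WARNING: $alg missing, RSA keys would be locked out"
done
```

After editing the real file, sshd -t checks the configuration for errors before the service is reloaded. Keep an existing session open until a new login with your key succeeds.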