Log public key algorithms that are used for authentication
`ssh-rsa` is currently used by users for pubkey authentication. However, RSA with SHA-1 is deprecated and eventually we want to deprecate and remove support for it.
The first step is to log public key algorithms: https://gitlab.com/gitlab-org/gitlab-shell/-/blob/f8fe5dfdb431839985fe2923952ad073bf2f4022/internal/sshd/server_config.go#L134. Ideally, we need to find a way to distinguish between `ssh-rsa` that is using SHA-1 and `ssh-rsa` that is using SHA-2.
Note: https://stackoverflow.com/questions/69656858/git-bash-ssh-connection-issue/69657512#69657512
* The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
algorithms have the advantage of using the same key type as
"ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
supported since OpenSSH 7.2 and are already used by default if the
client and server support them.
Related issue: Keys generated by ssh-rsa algorithm are not sup... (#543 - closed)
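
The distinction asked for above is visible on the wire: in a publickey `SSH_MSG_USERAUTH_REQUEST` (RFC 4252 section 7) the key blob says `ssh-rsa` for every RSA key, while the separate algorithm-name field carries `ssh-rsa` (SHA-1), `rsa-sha2-256` or `rsa-sha2-512` (RFC 8332). The sketch below is an added example, not gitlab-shell code; it uses only the Go standard library, and the names `str`, `next`, `classify` and `sample` as well as the request contents are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

func str(s string) string { // RFC 4251 string: uint32 length, then the bytes
	return string(binary.BigEndian.AppendUint32(nil, uint32(len(s)))) + s
}

func next(b []byte) (string, []byte, error) { // consume one RFC 4251 string
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return "", nil, errors.New("truncated string")
	}
	n := binary.BigEndian.Uint32(b)
	return string(b[4 : 4+n]), b[4+n:], nil
}

// classify parses a "publickey" SSH_MSG_USERAUTH_REQUEST (RFC 4252 section 7).
func classify(msg []byte) (keyType, sigAlgo, hash string, err error) {
	if len(msg) == 0 || msg[0] != 50 { // 50 = SSH_MSG_USERAUTH_REQUEST
		return "", "", "", errors.New("not a userauth request")
	}
	method, blob, rest := "", "", msg[1:]
	for i := 0; i < 3 && err == nil; i++ { // user name, service name, method name
		method, rest, err = next(rest)
	}
	if err != nil || method != "publickey" || len(rest) == 0 {
		return "", "", "", errors.New("not a well-formed publickey request")
	}
	if sigAlgo, rest, err = next(rest[1:]); err == nil { // rest[0]: "signature follows" flag
		if blob, _, err = next(rest); err == nil {
			keyType, _, err = next([]byte(blob))
		}
	}
	hash = map[string]string{"ssh-rsa": "SHA-1", "rsa-sha2-256": "SHA-256", "rsa-sha2-512": "SHA-512"}[sigAlgo]
	return keyType, sigAlgo, hash, err
}

func sample(algo string) []byte { // constructed request for user "git", not captured traffic
	blob := str("ssh-rsa") + "stub" // key type, then a placeholder instead of real e and n
	return []byte("\x32" + str("git") + str("ssh-connection") + str("publickey") + "\x00" + str(algo) + str(blob))
}

func main() {
	fmt.Println(classify(sample("ssh-rsa")))
	fmt.Println(classify(sample("rsa-sha2-256")))
}
```

Logging the second and third return values per authentication attempt separates SHA-1 from SHA-2 users of the same RSA key; `hash` is empty for algorithm names outside the RSA family, such as `ssh-ed25519`.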