Ventura (I have 13.0 Beta (22A5342f)), ships with OpenSSH_9.0p1. According to the OpenSSH release notes:
In my case this meant that the RSA keys that I had generated using just ssh-keygen without specifying a key type ended up with RSA signatures using the now deprecated SHA-1 hash algorithm. Put simply this meant that I could no longer log in to my Mac running Ventura from devices with deprecated keys.
A workaround is described in this Reddit thread: SSH in Ventura
Perhaps a better solution is to generate keys based on a more secure hash algorithm. For the time being, I'm switching to ed25519
Which you can generate like this:
I'd be interested in reading alternative thoughts on this.
This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]
In my case this meant that the RSA keys that I had generated using just ssh-keygen without specifying a key type ended up with RSA signatures using the now deprecated SHA-1 hash algorithm. Put simply this meant that I could no longer log in to my Mac running Ventura from devices with deprecated keys.
A workaround is described in this Reddit thread: SSH in Ventura
Perhaps a better solution is to generate keys based on a more secure hash algorithm. For the time being, I'm switching to ed25519
Which you can generate like this:
Code:
ssh-keygen -t ed25519 -C "comment"
I'd be interested in reading alternative thoughts on this.
Last edited: