Wednesday, November 2, 2022

Ventura Drops Older SSH Support

Richard Staats (via Charlie Stross):

The reason for this issue is that macOS 13 ships with OpenSSH_9.0p1, which has disabled RSA signatures on SHA-1 hash algorithms. If upgrading OpenSSH on the server and/or regenerating your SSH key isn’t an option, you can work around this issue by adding the following to your ~/.ssh/config file[…]

Update (2022-12-01): Stefan Reitshamer:

If you’re using Arq 7 to connect to a macOS Ventura SFTP server and you’re getting the error “Username/PublicKey combination invalid”, it may be due to Ventura’s upgrade to OpenSSH 9.1.

2 Comments

"Drops" is a strong word when it can still be configured on, but is just off by default for security.

It’s really the OpenSSH project that disabled ssh-rsa by default and it is a security issue. "rsa-sha2-256" (RSA/SHA256), "rsa-sha2-512" (RSA/SHA512) have been available since OpenSSH 7.2 in 2016. These protocols use the same keys as ssh-rsa.

If you are affected by this it means you don’t have ssh sha2 support in your sshd. That means you are running a server that hasn’t been patched for years and if that’s on the Internet, it’s just irresponsible.

https://www.openssh.com/releasenotes.html#7.2
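The distinction discussed above (an RSA key offered only with the SHA-1 `ssh-rsa` signature versus one also offered with `rsa-sha2-256`/`rsa-sha2-512`) can be read from the host key algorithm list a server sends in its `SSH_MSG_KEXINIT` message. The following is an added example, not code from the post or its commenters: it parses that message per RFC 4253 and classifies the RSA offer. The function names and the sample payloads are constructed for illustration, and it covers host key signatures only, not the user-key algorithms a server advertises separately.

```python
import struct

SSH_MSG_KEXINIT = 20
# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")
RSA_SHA2 = {"rsa-sha2-256", "rsa-sha2-512"}


def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (packet framing already removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {name}")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError(f"name-list {name} overruns payload")
        raw = payload[pos:pos + length].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos += length
    return out


def classify_rsa_hostkey(payload: bytes) -> str:
    """Return 'sha2', 'sha1-only' or 'no-rsa' for the server's RSA host key offer."""
    algs = set(parse_kexinit(payload)["server_host_key_algorithms"])
    if algs & RSA_SHA2:
        return "sha2"
    return "sha1-only" if "ssh-rsa" in algs else "no-rsa"


def build_kexinit(host_key_algs: str) -> bytes:
    """Build a constructed sample payload; only the host key list varies."""
    lists = ["curve25519-sha256", host_key_algs, "aes128-ctr", "aes128-ctr",
             "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)


if __name__ == "__main__":
    for label, algs in [("modern", "rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519"),
                        ("legacy", "ssh-rsa,ssh-dss")]:
        print(label, classify_rsa_hostkey(build_kexinit(algs)))
```

A server classified as `sha1-only` is one a default OpenSSH 9.x client will refuse to negotiate an RSA host key with.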
