From 8cc8986f4dcba78405d9b27a6853dbe9b738f0c3 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 17 Mar 2020 15:40:28 +0100 Subject: ssh: Put ssh-rsa last --- lib/ssh/doc/src/ssh_app.xml | 2 +- lib/ssh/src/ssh_transport.erl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 87faf203ae..6e8fedab9a 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -181,9 +181,9 @@ ecdsa-sha2-nistp256 ssh-ed25519 ssh-ed448 - ssh-rsa rsa-sha2-256 rsa-sha2-512 + ssh-rsa ssh-dss diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 2cad1bced1..8a688fcd4a 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -150,10 +150,10 @@ supported_algorithms(public_key) -> {'ecdsa-sha2-nistp256', [{public_keys,ecdsa}, {hashs,sha256}, {curves,secp256r1}]}, {'ssh-ed25519', [{public_keys,eddsa}, {curves,ed25519} ]}, {'ssh-ed448', [{public_keys,eddsa}, {curves,ed448} ]}, - {'ssh-rsa', [{public_keys,rsa}, {hashs,sha} ]}, {'rsa-sha2-256', [{public_keys,rsa}, {hashs,sha256} ]}, {'rsa-sha2-512', [{public_keys,rsa}, {hashs,sha512} ]}, - {'ssh-dss', [{public_keys,dss}, {hashs,sha} ]} % Gone in OpenSSH 7.3.p1 + {'ssh-dss', [{public_keys,dss}, {hashs,sha} ]}, % Gone in OpenSSH 7.3.p1 + {'ssh-rsa', [{public_keys,rsa}, {hashs,sha} ]} ]); supported_algorithms(cipher) -> -- cgit v1.2.1 From ee327399ef25902c272ad5e3ce12749ad567f0b8 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 17 Mar 2020 15:40:52 +0100 Subject: ssh: Deprecate ssh-rsa --- system/doc/general_info/deprecations_23.inc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/system/doc/general_info/deprecations_23.inc b/system/doc/general_info/deprecations_23.inc index dace484bb8..8d92f63d76 100644 --- a/system/doc/general_info/deprecations_23.inc +++ b/system/doc/general_info/deprecations_23.inc @@ -16,6 +16,14 @@
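Review bot: In the ssh_transport.erl hunk, the relocated `'ssh-rsa'` entry now sits below `'ssh-dss'`, which also carries `{hashs,sha}`. If list order is the negotiation preference, as the subject "Put ssh-rsa last" suggests, a SHA-1 DSA key type would be preferred over SHA-1 RSA wherever both are enabled. It is worth confirming that `'ssh-dss'` is filtered out of the defaults elsewhere in the module, since that is not visible here. The new last entry also has no comment explaining its position, unlike the `'ssh-dss'` line; I would add something like `% SHA-1 signatures, deprecated: keep last` so a later edit does not move it back up. The `supported_algorithms(public_key)` clause begins above the hunk, so the head of the list is not shown.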

+
+ ssh +

The public key algorithm 'ssh-rsa is regarded as insecure due + to its usage of SHA1, and is therfore deprecated. + It will not be available by default from OTP-24. +

+
+
pg2

-- cgit v1.2.1