OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm. The better alternatives include:

1. RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa" but use the safe SHA-2 hash algorithms (now used by default if the client and server support them).

2. The ssh-ed25519 signature algorithm.

3. ECDSA algorithms: ecdsa-sha2-nistp256/384/521.

In this release, support for FIDO/U2F hardware tokens. Also noteworthy, a future release of OpenSSH will enable UpdateHostKeys by default to allow the client to automatically migrate to better algorithms.

Can someone explain me...

... WHY GOOGLE PLAY SERVICES NEEDS ALL PERMISSIONS FOR WEBAUTHN(U2F)???

NEED MY CONTACTS, CALENDAR, BODY SENSORS, SMS AND SO ON! ALL FOR U2F???

I PROBABLY SHOULD BE GLAD THAT I DON'T NEED MY GOOGLE ACCOUNT FOR THAT?!?!

Using Firefox and testing WebAuthn instead of the typical dialog I get "Firefox has trouble communicating with Google Play Services" when I try to use that.

If someone knows the responsible people at google, tell them to FIX THAT SHIT.

Just bought a Yubikey, let’s boost my security a bit!

I just got a U2F key, and I have an extension for Firefox for it to work on that browser. When I try to set it up in my Google account it wants me to use Chrome. Now why the fuck can't they check for the functionality instead of what browser I'm using?

I do it pretty regularly maybe once or twice a week depends when I'm working on something interesting and want to get it done. Not very hard when you have coffee, headphones, good music, and enjoy what you do.

As for a story i don't have much of one unless you want one about implementing jwt tokens with a rest api along with trying to implement an 2FA system that would support otp and u2f. Then nuking it from orbit two days later cause it looked like garbage from trying to abstract everything