OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm. The better alternatives include:

1. RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa" but use the safe SHA-2 hash algorithms (now used by default if the client and server support them).

2. The ssh-ed25519 signature algorithm.

3. ECDSA algorithms: ecdsa-sha2-nistp256/384/521.

In this release, support for FIDO/U2F hardware tokens. Also noteworthy, a future release of OpenSSH will enable UpdateHostKeys by default to allow the client to automatically migrate to better algorithms.

Just bought a Yubikey, let’s boost my security a bit!

I just got a U2F key, and I have an extension for Firefox for it to work on that browser. When I try to set it up in my Google account it wants me to use Chrome. Now why the fuck can't they check for the functionality instead of what browser I'm using?