1. 31

  2. 4

    Notably from the changelog:

    It is now possible[1] to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. For this reason, we will be disabling the “ssh-rsa” public key signature algorithm by default in a near-future release.

    1. 5

      Also noteworthy:

      A future release of OpenSSH will enable UpdateHostKeys by default to allow the client to automatically migrate to better algorithms.

      And FIDO/U2F support for keys