Changes to the ssh-keygen command that might require a migration action
Table 1 lists the changes to the ssh-keygen command that might require a migration action and the accompanying actions.
| What changed | Migration action needed? |
|---|---|
-d option Previously, -d option as alias of -t dsa was supported. Now, it is not supported. |
Yes, if you use ssh-keygen command with -d option. Specifying the -d option will return the following error message: unknown option -- d. Action: Replace -d by -t dsa. |
-b option (used in conjunction with -G) Previously, the minimum value on the ssh-keygen -b option used with -G options was 768. Now the minimum value is 512. |
No. Because minimum value 512 is less than 768. |
-b option (for RSA) Previously, the maximum RSA key size on the ssh-keygen -b option was 32768. Now the maximum size is 16384. |
Yes, if you are using ssh-keygen to generate RSA keys with a size that is between 16384 and 32768 bits. If you specify an RSA key size larger than 16384, the following error message will be returned: key bits exceeds maximum 16384. Action: Use ssh-keygen to generate new RSA keys based on the new size requirement. |