Comment by cnst
1 day ago
The notice at stake is about key agreements (aka KEX aka Key Exchange), not about the keys themselves.
If you look at http://mdoc.su/o/ssh_config.5#KexAlgorithms and http://bxr.su/o/usr.bin/ssh/kex-names.c#kexalgs, `ecdsa-sha2-nistp256` is not a valid option for the setting (although `ecdh-sha2-nistp256` is).
Ohh, this is distinct from the pubkey algorithms. Looks like I need a refresher on how SSH works then :-)
Thanks!
https://www.openssh.com/legacy.html - Legacy algorithms in OpenSSH, which explains a little what they do. Then there is also your Identity key that you authenticate yourself with, which is placed in the servers authorized_keys.