Developer Briefing — February 14, 2020

OpenSSH 8.2 introduced FIDO/U2F support for public key authentication and announced planned deprecation of ssh-rsa signatures with SHA-1, requiring administrators to update client policies and hardware key enrollment.

Zeph Tech Research Lead

Research lead, Zeph Tech

2 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: OpenBSD released OpenSSH 8.2 on 14 February 2020, adding first-class support for FIDO/U2F security keys via the new sk-* key types and signaling removal of ssh-rsa signatures that rely on SHA-1. The update also fixes memory safety issues in the sftp server and clarifies default configuration behaviors.

Why it matters: Hardware-backed FIDO keys raise phishing resistance for administrative access, while SHA-1 signature deprecation will break legacy automation if host and user keys are not rotated. Organizations need to validate client and server compatibility and plan key transitions.

Adopt FIDO: Pilot ecdsa-sk and ed25519-sk keys for administrator accounts and document yubikey/security key provisioning workflows.
Plan ssh-rsa sunset: Inventory hosts and automation using RSA/SHA-1 keys and schedule regeneration with rsa-sha2-256 or Ed25519 algorithms before the announced removal.
Update packages: Deploy OpenSSH 8.2 or vendor backports on servers and developer workstations, confirming ssh_config and sshd_config align with organization ciphers and MAC policies.
Monitor sftp services: Review logs for anomalous sftp access and validate chroot and subsystem directives after upgrading.

Timeline plotting source publication cadence sized by credibility. — 2 publication timestamps supporting this briefing. Source data (JSON)

Horizontal bar chart of credibility scores per cited source. — Credibility scores for every source cited in this briefing. Source data (JSON)

Visit pillar hub

Latest guides

Secure Software Supply Chain Tooling Guide — Zeph Tech
Engineer developer platforms that deliver verifiable provenance, SBOM distribution, vendor assurance, and runtime integrity aligned with SLSA v1.0, NIST SP 800-204D, and CISA SBOM…
AI-Assisted Development Governance Guide — Zeph Tech
Govern GitHub Copilot, Azure AI, and internal generative assistants with controls aligned to NIST AI RMF 1.0, EU AI Act enforcement timelines, OMB M-24-10, and enterprise privacy…
Developer Enablement & Platform Operations Guide — Zeph Tech
Plan AI-assisted development, secure SDLC controls, and runtime upgrades using Zeph Tech research on GitHub Copilot, GitHub Advanced Security, and major language lifecycles.

Related briefings

Developer Briefing — February 13, 2020

Chrome 80 enforces SameSite-by-default cookie handling

Developer Briefing — Go 1.14 release ships modules by default

Adobe issues Magento 2.3.4 security updates (APSB20-02)

Firefox 74 strengthens default TLS and extension controls

Continue in the Developer pillar

Latest guides