From 364d7a9be166e151399d70f4633751f0e9bc5cb1 Mon Sep 17 00:00:00 2001
From: Mike Green <772413+mikegreen@users.noreply.github.com>
Date: Wed, 19 Jan 2022 16:37:00 -0700
Subject: [PATCH] Add algo signer to support openssl as of recent (#12438)

"algorithm_signer": "rsa-sha2-256" to prevent /var/log/auth.log `userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]` due to vault defaulting to ssh-rsa which is insecure
---
 website/content/docs/secrets/ssh/signed-ssh-certificates.mdx | 1 +
 1 file changed, 1 insertion(+)

diff --git a/website/content/docs/secrets/ssh/signed-ssh-certificates.mdx b/website/content/docs/secrets/ssh/signed-ssh-certificates.mdx
index 2d97b52fb..4ee36981f 100644
--- a/website/content/docs/secrets/ssh/signed-ssh-certificates.mdx
+++ b/website/content/docs/secrets/ssh/signed-ssh-certificates.mdx
@@ -114,6 +114,7 @@ team, or configuration management tooling.
 ```text
 $ vault write ssh-client-signer/roles/my-role -<<"EOH"
 {
+  "algorithm_signer": "rsa-sha2-256",
   "allow_user_certificates": true,
   "allowed_users": "*",
   "allowed_extensions": "permit-pty,permit-port-forwarding",