Key point to avoid any confusion: This is about the RSA-SHA1 cipher combination. It does <i>not</i> mean that RSA is deprecated.<p>If you use an RSA key for SSH (server or client) you can continue using that.<p>This should not affect any modern-day SSH implementation, it will only cut off compatibility with SSH implementations not updated for a very long time.
I've been running with ssh-rsa disabled for a while (with a config based on <a href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67" rel="nofollow">https://infosec.mozilla.org/guidelines/openssh#modern-openss...</a> ) and it's been pretty smooth. Support for better algorithms is widespread, with a few exceptions (like bazaar.launchpad.net).<p>One gotcha: OpenWrt does not enable ECDSA by default[1] and only recently enabled support for ed25519 by default.[2][3] It's available in release candidates for 21.02, but not in current stable releases. So if you're running a stable release you'll need to either add `PubkeyAcceptedKeyTypes +ssh-rsa` to your client ssh_config or use a custom build of OpenWrt with DROPBEAR_ECC or DROPBEAR_ECC_FULL enabled.<p>[1]: <a href="https://bugs.openwrt.org/index.php?do=details&task_id=786" rel="nofollow">https://bugs.openwrt.org/index.php?do=details&task_id=786</a><p>[2]: <a href="https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=d0f295837a03f7f52000ae6d395827bdde7996a4" rel="nofollow">https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=d0...</a><p>[3]: <a href="https://bugs.openwrt.org/index.php?do=details&task_id=3216&string=dropbear" rel="nofollow">https://bugs.openwrt.org/index.php?do=details&task_id=3216&s...</a><p>[4]: <a href="https://bugs.openwrt.org/index.php?do=details&task_id=3452" rel="nofollow">https://bugs.openwrt.org/index.php?do=details&task_id=3452</a>