diff -up openssh-8.7p1/compat.c.sshrsacheck openssh-8.7p1/compat.c
--- openssh-8.7p1/compat.c.sshrsacheck	2023-01-12 13:29:06.338710923 +0100
+++ openssh-8.7p1/compat.c	2023-01-12 13:29:06.357711165 +0100
@@ -43,6 +43,7 @@ void
 compat_banner(struct ssh *ssh, const char *version)
 {
 	int i;
+	int forbid_ssh_rsa = 0;
 	static struct {
 		char	*pat;
 		int	bugs;
@@ -145,16 +146,21 @@ compat_banner(struct ssh *ssh, const cha
 	};
 
 	/* process table, return first match */
+	forbid_ssh_rsa = (ssh->compat & SSH_RH_RSASIGSHA);
 	ssh->compat = 0;
 	for (i = 0; check[i].pat; i++) {
 		if (match_pattern_list(version, check[i].pat, 0) == 1) {
 			debug_f("match: %s pat %s compat 0x%08x",
 			    version, check[i].pat, check[i].bugs);
 			ssh->compat = check[i].bugs;
+	if (forbid_ssh_rsa)
+		ssh->compat |= SSH_RH_RSASIGSHA;
 			return;
 		}
 	}
 	debug_f("no match: %s", version);
+	if (forbid_ssh_rsa)
+		ssh->compat |= SSH_RH_RSASIGSHA;
 }
 
 /* Always returns pointer to allocated memory, caller must free. */
diff -up openssh-8.7p1/compat.h.sshrsacheck openssh-8.7p1/compat.h
--- openssh-8.7p1/compat.h.sshrsacheck	2021-08-20 06:03:49.000000000 +0200
+++ openssh-8.7p1/compat.h	2023-01-12 13:29:06.358711178 +0100
@@ -30,7 +30,7 @@
 #define SSH_BUG_UTF8TTYMODE	0x00000001
 #define SSH_BUG_SIGTYPE		0x00000002
 #define SSH_BUG_SIGTYPE74	0x00000004
-/* #define unused		0x00000008 */
+#define SSH_RH_RSASIGSHA	0x00000008
 #define SSH_OLD_SESSIONID	0x00000010
 /* #define unused		0x00000020 */
 #define SSH_BUG_DEBUG		0x00000040
diff -up openssh-8.7p1/serverloop.c.sshrsacheck openssh-8.7p1/serverloop.c
--- openssh-8.7p1/serverloop.c.sshrsacheck	2023-01-12 14:57:08.118400073 +0100
+++ openssh-8.7p1/serverloop.c	2023-01-12 14:59:17.330470518 +0100
@@ -737,6 +737,10 @@ server_input_hostkeys_prove(struct ssh *
 			else if (ssh->kex->flags & KEX_RSA_SHA2_256_SUPPORTED)
 				sigalg = "rsa-sha2-256";
 		}
+		if (ssh->compat & SSH_RH_RSASIGSHA && sigalg == NULL) {
+			sigalg = "rsa-sha2-512";
+			debug3_f("SHA1 signature is not supported, falling back to %s", sigalg);
+		}
 		debug3_f("sign %s key (index %d) using sigalg %s",
 		sshkey_type(key), ndx, sigalg == NULL ? "default" : sigalg);
 		if ((r = sshbuf_put_cstring(sigbuf,
diff -up openssh-8.7p1/sshd.c.sshrsacheck openssh-8.7p1/sshd.c
--- openssh-8.7p1/sshd.c.sshrsacheck	2023-01-12 13:29:06.355711140 +0100
+++ openssh-8.7p1/sshd.c	2023-01-12 13:29:06.358711178 +0100
@@ -1640,6 +1651,7 @@ main(int ac, char **av)
 	int keytype;
 	Authctxt *authctxt;
 	struct connection_info *connection_info = NULL;
+	int forbid_ssh_rsa = 0;
 
 #ifdef HAVE_SECUREWARE
 	(void)set_auth_parameters(ac, av);
@@ -1938,6 +1950,19 @@ main(int ac, char **av)
 		    key = NULL;
 		    continue;
 		}
+		if (key && (sshkey_type_plain(key->type) == KEY_RSA || sshkey_type_plain(key->type) == KEY_RSA_CERT)) {
+		    size_t sign_size = 0;
+		    u_char *tmp = NULL;
+		    u_char data[] = "Test SHA1 vector";
+		    int res;
+
+		    res = ssh_rsa_sign(key, &tmp, &sign_size, data, sizeof(data), NULL);
+		    free(tmp);
+		    if (res == SSH_ERR_LIBCRYPTO_ERROR) {
+			logit_f("sshd: ssh-rsa algorithm is disabled");
+		    	forbid_ssh_rsa = 1;
+		    }
+		}
 		if (sshkey_is_sk(key) &&
 		    key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
 			debug("host key %s requires user presence, ignoring",
@@ -2275,6 +2306,9 @@ main(int ac, char **av)
 
 	check_ip_options(ssh);
 
+	if (forbid_ssh_rsa)
+		ssh->compat |= SSH_RH_RSASIGSHA;
+
 	/* Prepare the channels layer */
 	channel_init_channels(ssh);
 	channel_set_af(ssh, options.address_family);