diff --git a/security-tool.spec b/security-tool.spec
index 8818e9e7842c43a21649b6d70d3a6494044a073f..4894600d47886b8c60790a6ab0136a8df544fc3f 100644
--- a/security-tool.spec
+++ b/security-tool.spec
@@ -2,7 +2,7 @@
 Summary: openEuler Security Tool
 Name   : security-tool
 Version: 2.0
-Release: 1.86
+Release: 1.87
 Source0: https://gitee.com/openeuler/security-tool/repository/archive/v2.0.tar.gz
 License: MulanPSL-2.0
 URL: https://gitee.com/openeuler/security-tool
@@ -20,6 +20,7 @@ Patch2: remove-sha1-in-sshd-config.patch
 Patch3: fix-function-allow-rpm-q.patch
 Patch4: add-secure-hostKey-algorithms.patch
 Patch5: Do-not-hard-code-vendor-name-in-source-code.patch
+Patch6: sshd-delete-deprecated-option-RSAAuthentication-and-Rhost.patch
 
 %description
 %{vendor} Security Tool
@@ -125,6 +126,9 @@ fi
 %attr(0500,root,root) %{_sbindir}/security-tool.sh
 
 %changelog
+* Tue Jan 10 2023 renmingshuai <renmingshuai@huawei.com> - 2.0-1.87
+- delete deprecated option RSAAuthentication and RhostsRSAAuthentication
+
 * Fri Jan 6 2023 Chenxi Mao <chenxi.mao@suse.com> - 2.0-1.86
 - Do not hard code vendor name in source code
 
diff --git a/sshd-delete-deprecated-option-RSAAuthentication-and-Rhost.patch b/sshd-delete-deprecated-option-RSAAuthentication-and-Rhost.patch
new file mode 100644
index 0000000000000000000000000000000000000000..35c10fd4cfababedfe8baa5d80c5f35667bf35bb
--- /dev/null
+++ b/sshd-delete-deprecated-option-RSAAuthentication-and-Rhost.patch
@@ -0,0 +1,28 @@
+From b72601eb4904923100e3254f490def46633db322 Mon Sep 17 00:00:00 2001
+From: "renmingshuai@huawei.com" <renmingshuai@huawei.com>
+Date: Tue, 10 Jan 2023 11:10:33 +0800
+Subject: [PATCH] delete deprecated option RSAAuthentication and
+ RhostsRSAAuthentication
+
+---
+ security.conf | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/security.conf b/security.conf
+index f52a19d..70674b9 100644
+--- a/security.conf
++++ b/security.conf
+@@ -53,10 +53,8 @@
+ 103@m@/etc/ssh/sshd_config@X11Forwarding @no
+ 
+ 105@m@/etc/ssh/sshd_config@PubkeyAuthentication @yes
+-105@m@/etc/ssh/sshd_config@RSAAuthentication @yes
+ # Don't read the user's ~/.rhosts and ~/.shosts files
+ 105@m@/etc/ssh/sshd_config@IgnoreRhosts @yes
+-105@m@/etc/ssh/sshd_config@RhostsRSAAuthentication @no
+ 
+ # To disable host authentication
+ 106@m@/etc/ssh/sshd_config@HostbasedAuthentication @no
+-- 
+2.23.0
+