diff --git a/builtin/logical/ssh/path_roles.go b/builtin/logical/ssh/path_roles.go
index 21aff66578..a41772578f 100644
--- a/builtin/logical/ssh/path_roles.go
+++ b/builtin/logical/ssh/path_roles.go
@@ -333,7 +333,7 @@ func pathRoles(b *backend) *framework.Path {
 				When supplied, this value specifies a signing algorithm for the key. Possible values:
 				ssh-rsa, rsa-sha2-256, rsa-sha2-512, default, or the empty string.
 				`,
-				AllowedValues: []interface{}{"", ssh.SigAlgoRSA, ssh.SigAlgoRSASHA2256, ssh.SigAlgoRSASHA2512},
+				AllowedValues: []interface{}{"", DefaultAlgorithmSigner, ssh.SigAlgoRSA, ssh.SigAlgoRSASHA2256, ssh.SigAlgoRSASHA2512},
 				DisplayAttrs: &framework.DisplayAttributes{
 					Name: "Signing Algorithm",
 				},
diff --git a/changelog/17894.txt b/changelog/17894.txt
new file mode 100644
index 0000000000..bd056cdf34
--- /dev/null
+++ b/changelog/17894.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: allow selection of "default" for ssh algorithm_signer in web interface
+```
diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index 0308e91f42..148d92f08c 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -120,6 +120,7 @@ export default Model.extend({
   }),
   algorithmSigner: attr('string', {
     helpText: 'When supplied, this value specifies a signing algorithm for the key',
+    possibleValues: ['default', 'ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512'],
   }),
 
   showFields: computed('keyType', function () {