commit: 2f5972511db9fde306c2512c9d7055fcdefe1c18
Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 24 10:11:31 2019 +0000
Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Tue Dec 24 10:11:31 2019 +0000
URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=2f597251
2015-08-13-openssh-weak-keys: remove obsolete news item Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org> .../2015-08-13-openssh-weak-keys.en.txt | 27 ---------------------- 1 file changed, 27 deletions(-) diff --git a/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt b/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt deleted file mode 100644 index 1c4f296..0000000 --- a/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt +++ /dev/null @@ -1,27 +0,0 @@ -Title: OpenSSH 7.0 disables ssh-dss keys by default -Author: Mike Frysinger <[email protected]> -Content-Type: text/plain -Posted: 2015-08-13 -Revision: 1 -News-Item-Format: 1.0 -Display-If-Installed: net-misc/openssh - -Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has -been disabled by default at runtime due to their inherit weakness. If -you rely on these key types, you will have to take corrective action or -risk being locked out. - -Your best option is to generate new keys using strong algos such as rsa -or ecdsa or ed25519. RSA keys will give you the greatest portability -with other clients/servers while ed25519 will get you the best security -with OpenSSH (but requires recent versions of client & server). - -If you are stuck with DSA keys, you can re-enable support locally by -updating your sshd_config and ~/.ssh/config files with lines like so: - PubkeyAcceptedKeyTypes=+ssh-dss - -Be aware though that eventually OpenSSH will drop support for DSA keys -entirely, so this is only a stop gap solution. - -More details can be found on OpenSSH's website: - http://www.openssh.com/legacy.html
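Review bot: the commit message calls the item obsolete without giving the criterion, while the deleted body (the paragraphs from "If you are stuck with DSA keys" through "this is only a stop gap solution") is the text that showed the PubkeyAcceptedKeyTypes=+ssh-dss workaround and its caveat to anyone with net-misc/openssh installed. Suggest stating in the message why the item no longer applies (for example its age, given Posted: 2015-08-13) so the removal can be audited later. The diffstat also lists only the .en.txt file; if the 2015-08-13-openssh-weak-keys/ directory holds translations or other files, they should be removed in the same commit.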
