Re: [gentoo-dev] [PATCH] 2021-10-08-openssh-rsa-sha1: add news item

Tue, 05 Oct 2021 13:29:05 -0700
I think it may be helpful to include the specific file(s) those options need to be added and to clarify whether they need to be added to the 
server host or the clients.

Perhaps like so:
hashes may be re-enabled on the server by adding the following config 
   options to the end of /etc/ssh/sshd_confg:



WKR,
Aaron

Mike Gilbert <flop...@gentoo.org> writes:


Signed-off-by: Mike Gilbert <flop...@gentoo.org>
---
.../2021-10-08-openssh-rsa-sha1.en.txt | 26 +++++++++++++++++++ 
 1 file changed, 26 insertions(+)
create mode 100644 2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
diff --git a/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt 
new file mode 100644
index 0000000..cfdcc4a
--- /dev/null
+++ b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt 
@@ -0,0 +1,26 @@
+Title: OpenSSH RSA SHA-1 signatures
+Author: Mike Gilbert <flop...@gentoo.org>
+Posted: 2021-10-08
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: net-misc/openssh
+
+As of version 8.8, OpenSSH disables RSA signatures using the SHA-1 +hash algorithm by default. This change affects both the client and 
+server components.
+
+After upgrading to this version, you may have trouble connecting to +older SSH servers that do not support the newer RSA/SHA-256/SHA-512 +signatures. Support for these signatures was added in OpenSSH 7.2. 
+
+As well, you may have trouble using older SSH clients to connect to a 
+server running OpenSSH 8.8 or higher. Some older clients do not
+automatically utilize the newer hashes. For example, PuTTY before 
+version 0.75 is affected.
+
+To resolve these problems, please upgrade your SSH client/server +whereever possible. If this is not feasible, support for the SHA-1 
+hashes may be re-enabled using the following config options:
+
+HostkeyAlgorithms +ssh-rsa
+PubkeyAcceptedAlgorithms +ssh-rsa



--
Reservations and Reporting Technologist
Great Smoky Mountains Railroad
PO Box 1490
Bryson City, NC 28713
D: 828-488-7013
M: 800-872-4681 x 214
F: 828-488-0427
P: 9B32 F2A4 8C1F F4E0 1E23  CEEA 2153 C852 F779 174F

Attachment: signature.asc
Description: PGP signature

Reply via email to