[gentoo-dev] Re: [PATCH] 2021-10-08-openssh-rsa-sha1: add news item

2021-10-06 Thread David Seifert
On Tue, 2021-10-05 at 13:43 -0400, Mike Gilbert wrote:
> Signed-off-by: Mike Gilbert 
> ---
>  .../2021-10-08-openssh-rsa-sha1.en.txt    | 26
> +++
>  1 file changed, 26 insertions(+)
>  create mode 100644 2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-
> rsa-sha1.en.txt
> 
> diff --git a/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-
> sha1.en.txt b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-
> sha1.en.txt
> new file mode 100644
> index 000..cfdcc4a
> --- /dev/null
> +++ b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
> @@ -0,0 +1,26 @@
> +Title: OpenSSH RSA SHA-1 signatures
> +Author: Mike Gilbert 
> +Posted: 2021-10-08
> +Revision: 1
> +News-Item-Format: 2.0
> +Display-If-Installed: net-misc/openssh
> +
> +As of version 8.8, OpenSSH disables RSA signatures using the SHA-1
> +hash algorithm by default. This change affects both the client and
> +server components.
> +
> +After upgrading to this version, you may have trouble connecting to
> +older SSH servers that do not support the newer RSA/SHA-256/SHA-512
> +signatures. Support for these signatures was added in OpenSSH 7.2.
> +
> +As well, you may have trouble using older SSH clients to connect to a
> +server running OpenSSH 8.8 or higher. Some older clients do not
> +automatically utilize the newer hashes. For example, PuTTY before
> +version 0.75 is affected.
> +
> +To resolve these problems, please upgrade your SSH client/server
> +whereever possible. If this is not feasible, support for the SHA-1
> +hashes may be re-enabled using the following config options:
> +
> +HostkeyAlgorithms +ssh-rsa
> +PubkeyAcceptedAlgorithms +ssh-rsa
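
Review bot: The two option lines that close the news item do not say which configuration file they go in, although the first paragraph states that the change affects both the client and the server, so a reader cannot tell whether to edit the client side, the server side, or both. Suggest naming the file for each case (ssh_config when connecting to an older server, sshd_config when accepting older clients) and recommending that the client-side override be placed in a Host block for the affected server rather than set globally, since it re-enables SHA-1 signatures. Separately, "whereever" in the paragraph above the options should be "wherever".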

ship it!




Re: [gentoo-dev] [PATCH 0/1] Add 'notes' element to metadata.xml (GLEP 68)

2021-10-06 Thread Ulrich Mueller
> On Wed, 06 Oct 2021, Alec Warner wrote:

> On Tue, Oct 5, 2021 at 10:37 PM Ulrich Mueller  wrote:
>> How would you deal with translations? One NOTES file for every language?

> The notes files are for devs, not for users. Do we have non-English
> speaking developers?

Sure, this is a legitimate point. But it's an explicit design decision,
not something that can be silently assumed.

Ulrich

