Re: OpenSSH: RSA/SHA1 disabled by default

2021-09-11 Thread Simon Hoffmann
> Hi, > > RSA/SHA1, a.k.a the "ssh-rsa" signature type is now disabled by default > in OpenSSH. > > While The SSH protocol confusingly uses overlapping names for key and > signature algorithms, this does not stop the use of RSA keys and there > is no need to regenerate "ssh-rsa" keys - most serve

Re: OpenSSH: RSA/SHA1 disabled by default

2021-09-07 Thread Theo de Raadt
Stuart Henderson wrote: > On 2021/09/08 09:03, Damien Miller wrote: > > This is a case of the host key algorithm not matching, so you > > should use HostKeyAlgorithms=+ssh-rsa - I'll make sure to mention > > this in the release notes. > > People seem to really be having a hard time grasping what

Re: OpenSSH: RSA/SHA1 disabled by default

2021-09-07 Thread Stuart Henderson
On 2021/09/08 09:03, Damien Miller wrote: > This is a case of the host key algorithm not matching, so you > should use HostKeyAlgorithms=+ssh-rsa - I'll make sure to mention > this in the release notes. People seem to really be having a hard time grasping what's being disabled by default. And it d

Re: OpenSSH: RSA/SHA1 disabled by default

2021-09-07 Thread Damien Miller
On Tue, 7 Sep 2021, Martijn van Duren wrote: > On Mon, 2021-08-30 at 10:08 +1000, Damien Miller wrote: > > Hi, > > > > RSA/SHA1, a.k.a the "ssh-rsa" signature type is now disabled by default > > in OpenSSH. > > > > While The SSH protocol confusingly uses overlapping names for key and > > signatu

Re: OpenSSH: RSA/SHA1 disabled by default

2021-09-07 Thread Stuart Henderson
On 2021/09/07 14:40, Martijn van Duren wrote: > On Mon, 2021-08-30 at 10:08 +1000, Damien Miller wrote: > > Hi, > > > > RSA/SHA1, a.k.a the "ssh-rsa" signature type is now disabled by default > > in OpenSSH. > > > > While The SSH protocol confusingly uses overlapping names for key and > > signatu

Re: OpenSSH: RSA/SHA1 disabled by default

2021-09-07 Thread Martijn van Duren
On Mon, 2021-08-30 at 10:08 +1000, Damien Miller wrote: > Hi, > > RSA/SHA1, a.k.a the "ssh-rsa" signature type is now disabled by default > in OpenSSH. > > While The SSH protocol confusingly uses overlapping names for key and > signature algorithms, this does not stop the use of RSA keys and ther

OpenSSH: RSA/SHA1 disabled by default

2021-08-29 Thread Damien Miller
Hi, RSA/SHA1, a.k.a the "ssh-rsa" signature type is now disabled by default in OpenSSH. While The SSH protocol confusingly uses overlapping names for key and signature algorithms, this does not stop the use of RSA keys and there is no need to regenerate "ssh-rsa" keys - most servers released in t