Gentoo Archives: gentoo-commits

From: Mike Gilbert <floppym@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] data/gentoo-news:master commit in: 2021-10-08-openssh-rsa-sha1/
Date: Fri, 08 Oct 2021 17:29:40
Message-Id: 1633714096.8dea6aa24c3ec9ee9a391fb602733c1a803a1ad1.floppym@gentoo
1 commit: 8dea6aa24c3ec9ee9a391fb602733c1a803a1ad1
2 Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
3 AuthorDate: Tue Oct 5 17:41:53 2021 +0000
4 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
5 CommitDate: Fri Oct 8 17:28:16 2021 +0000
6 URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=8dea6aa2
7
8 2021-10-08-openssh-rsa-sha1: add news item
9
10 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
11
12 .../2021-10-08-openssh-rsa-sha1.en.txt | 26 ++++++++++++++++++++++
13 1 file changed, 26 insertions(+)
14
15 diff --git a/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
16 new file mode 100644
17 index 0000000..cfdcc4a
18 --- /dev/null
19 +++ b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
20 @@ -0,0 +1,26 @@
21 +Title: OpenSSH RSA SHA-1 signatures
22 +Author: Mike Gilbert <floppym@g.o>
23 +Posted: 2021-10-08
24 +Revision: 1
25 +News-Item-Format: 2.0
26 +Display-If-Installed: net-misc/openssh
27 +
28 +As of version 8.8, OpenSSH disables RSA signatures using the SHA-1
29 +hash algorithm by default. This change affects both the client and
30 +server components.
31 +
32 +After upgrading to this version, you may have trouble connecting to
33 +older SSH servers that do not support the newer RSA/SHA-256/SHA-512
34 +signatures. Support for these signatures was added in OpenSSH 7.2.
35 +
36 +As well, you may have trouble using older SSH clients to connect to a
37 +server running OpenSSH 8.8 or higher. Some older clients do not
38 +automatically utilize the newer hashes. For example, PuTTY before
39 +version 0.75 is affected.
40 +
41 +To resolve these problems, please upgrade your SSH client/server
42 +whereever possible. If this is not feasible, support for the SHA-1
43 +hashes may be re-enabled using the following config options:
44 +
45 +HostkeyAlgorithms +ssh-rsa
46 +PubkeyAcceptedAlgorithms +ssh-rsa
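
Review bot: The workaround in the last paragraph ("HostkeyAlgorithms +ssh-rsa" and "PubkeyAcceptedAlgorithms +ssh-rsa") does not say which configuration file the options belong in or how narrowly to apply them. The item describes two separate cases, a new client talking to an old server and an old client talking to a new server, so it should say that the first is fixed in the client configuration (ssh_config or ~/.ssh/config) and the second in sshd_config. For the client case, suggest placing the options under a "Host" block naming only the legacy server, so that SHA-1 signatures are not re-enabled for every connection. Separately, "whereever" in the same paragraph should read "wherever".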