1 |
commit: 8dea6aa24c3ec9ee9a391fb602733c1a803a1ad1 |
2 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Oct 5 17:41:53 2021 +0000 |
4 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Oct 8 17:28:16 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=8dea6aa2 |
7 |
|
8 |
2021-10-08-openssh-rsa-sha1: add news item |
9 |
|
10 |
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> |
11 |
|
12 |
.../2021-10-08-openssh-rsa-sha1.en.txt | 26 ++++++++++++++++++++++ |
13 |
1 file changed, 26 insertions(+) |
14 |
|
15 |
diff --git a/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt |
16 |
new file mode 100644 |
17 |
index 0000000..cfdcc4a |
18 |
--- /dev/null |
19 |
+++ b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt |
20 |
@@ -0,0 +1,26 @@ |
21 |
+Title: OpenSSH RSA SHA-1 signatures |
22 |
+Author: Mike Gilbert <floppym@g.o> |
23 |
+Posted: 2021-10-08 |
24 |
+Revision: 1 |
25 |
+News-Item-Format: 2.0 |
26 |
+Display-If-Installed: net-misc/openssh |
27 |
+ |
28 |
+As of version 8.8, OpenSSH disables RSA signatures using the SHA-1 |
29 |
+hash algorithm by default. This change affects both the client and |
30 |
+server components. |
31 |
+ |
32 |
+After upgrading to this version, you may have trouble connecting to |
33 |
+older SSH servers that do not support the newer RSA/SHA-256/SHA-512 |
34 |
+signatures. Support for these signatures was added in OpenSSH 7.2. |
35 |
+ |
36 |
+As well, you may have trouble using older SSH clients to connect to a |
37 |
+server running OpenSSH 8.8 or higher. Some older clients do not |
38 |
+automatically utilize the newer hashes. For example, PuTTY before |
39 |
+version 0.75 is affected. |
40 |
+ |
41 |
+To resolve these problems, please upgrade your SSH client/server |
42 |
+whereever possible. If this is not feasible, support for the SHA-1 |
43 |
+hashes may be re-enabled using the following config options: |
44 |
+ |
45 |
+HostkeyAlgorithms +ssh-rsa |
46 |
+PubkeyAcceptedAlgorithms +ssh-rsa |