1 |
commit: 2f5972511db9fde306c2512c9d7055fcdefe1c18 |
2 |
Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Dec 24 10:11:31 2019 +0000 |
4 |
Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Dec 24 10:11:31 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=2f597251 |
7 |
|
8 |
2015-08-13-openssh-weak-keys: remove obsolete news item |
9 |
|
10 |
Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org> |
11 |
|
12 |
.../2015-08-13-openssh-weak-keys.en.txt | 27 ---------------------- |
13 |
1 file changed, 27 deletions(-) |
14 |
|
15 |
diff --git a/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt b/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt |
16 |
deleted file mode 100644 |
17 |
index 1c4f296..0000000 |
18 |
--- a/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt |
19 |
+++ /dev/null |
20 |
@@ -1,27 +0,0 @@ |
21 |
-Title: OpenSSH 7.0 disables ssh-dss keys by default |
22 |
-Author: Mike Frysinger <vapier@g.o> |
23 |
-Content-Type: text/plain |
24 |
-Posted: 2015-08-13 |
25 |
-Revision: 1 |
26 |
-News-Item-Format: 1.0 |
27 |
-Display-If-Installed: net-misc/openssh |
28 |
- |
29 |
-Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has |
30 |
-been disabled by default at runtime due to their inherit weakness. If |
31 |
-you rely on these key types, you will have to take corrective action or |
32 |
-risk being locked out. |
33 |
- |
34 |
-Your best option is to generate new keys using strong algos such as rsa |
35 |
-or ecdsa or ed25519. RSA keys will give you the greatest portability |
36 |
-with other clients/servers while ed25519 will get you the best security |
37 |
-with OpenSSH (but requires recent versions of client & server). |
38 |
- |
39 |
-If you are stuck with DSA keys, you can re-enable support locally by |
40 |
-updating your sshd_config and ~/.ssh/config files with lines like so: |
41 |
- PubkeyAcceptedKeyTypes=+ssh-dss |
42 |
- |
43 |
-Be aware though that eventually OpenSSH will drop support for DSA keys |
44 |
-entirely, so this is only a stop gap solution. |
45 |
- |
46 |
-More details can be found on OpenSSH's website: |
47 |
- http://www.openssh.com/legacy.html |