Gentoo Archives: gentoo-commits

From: "Andreas K. Hüttel" <dilfridge@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] data/gentoo-news:master commit in: 2015-08-13-openssh-weak-keys/
Date: Tue, 24 Dec 2019 10:12:10
Message-Id: 1577182291.2f5972511db9fde306c2512c9d7055fcdefe1c18.dilfridge@gentoo
1 commit: 2f5972511db9fde306c2512c9d7055fcdefe1c18
2 Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
3 AuthorDate: Tue Dec 24 10:11:31 2019 +0000
4 Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
5 CommitDate: Tue Dec 24 10:11:31 2019 +0000
6 URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=2f597251
7
8 2015-08-13-openssh-weak-keys: remove obsolete news item
9
10 Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>
11
12 .../2015-08-13-openssh-weak-keys.en.txt | 27 ----------------------
13 1 file changed, 27 deletions(-)
14
15 diff --git a/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt b/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt
16 deleted file mode 100644
17 index 1c4f296..0000000
18 --- a/2015-08-13-openssh-weak-keys/2015-08-13-openssh-weak-keys.en.txt
19 +++ /dev/null
20 @@ -1,27 +0,0 @@
21 -Title: OpenSSH 7.0 disables ssh-dss keys by default
22 -Author: Mike Frysinger <vapier@g.o>
23 -Content-Type: text/plain
24 -Posted: 2015-08-13
25 -Revision: 1
26 -News-Item-Format: 1.0
27 -Display-If-Installed: net-misc/openssh
28 -
29 -Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has
30 -been disabled by default at runtime due to their inherit weakness. If
31 -you rely on these key types, you will have to take corrective action or
32 -risk being locked out.
33 -
34 -Your best option is to generate new keys using strong algos such as rsa
35 -or ecdsa or ed25519. RSA keys will give you the greatest portability
36 -with other clients/servers while ed25519 will get you the best security
37 -with OpenSSH (but requires recent versions of client & server).
38 -
39 -If you are stuck with DSA keys, you can re-enable support locally by
40 -updating your sshd_config and ~/.ssh/config files with lines like so:
41 - PubkeyAcceptedKeyTypes=+ssh-dss
42 -
43 -Be aware though that eventually OpenSSH will drop support for DSA keys
44 -entirely, so this is only a stop gap solution.
45 -
46 -More details can be found on OpenSSH's website:
47 - http://www.openssh.com/legacy.html
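Review bot: The subject line calls the news item obsolete but the commit body gives no reason, and the removed text itself only says OpenSSH will "eventually" drop DSA support (the paragraph starting "Be aware though"), so nothing visible in the change shows that point has been reached. Add a sentence to the commit message stating what makes the item obsolete, for instance why the `PubkeyAcceptedKeyTypes=+ssh-dss` workaround no longer matters to users matched by `Display-If-Installed: net-misc/openssh`, so the rationale stays in history once the file is gone.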