On Tue, 2021-10-05 at 13:43 -0400, Mike Gilbert wrote: |
> Signed-off-by: Mike Gilbert <floppym@g.o> |
> --- |
> .../2021-10-08-openssh-rsa-sha1.en.txt | 26 |
> +++++++++++++++++++ |
> 1 file changed, 26 insertions(+) |
> create mode 100644 2021-10-08-openssh-rsa-sha1/2021-10-08-openssh- |
> rsa-sha1.en.txt |
> |
> diff --git a/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa- |
> sha1.en.txt b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa- |
> sha1.en.txt |
> new file mode 100644 |
> index 0000000..cfdcc4a |
> --- /dev/null |
> +++ b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt |
> @@ -0,0 +1,26 @@ |
> +Title: OpenSSH RSA SHA-1 signatures |
> +Author: Mike Gilbert <floppym@g.o> |
> +Posted: 2021-10-08 |
> +Revision: 1 |
> +News-Item-Format: 2.0 |
> +Display-If-Installed: net-misc/openssh |
> + |
> +As of version 8.8, OpenSSH disables RSA signatures using the SHA-1 |
> +hash algorithm by default. This change affects both the client and |
> +server components. |
> + |
> +After upgrading to this version, you may have trouble connecting to |
> +older SSH servers that do not support the newer RSA/SHA-256/SHA-512 |
> +signatures. Support for these signatures was added in OpenSSH 7.2. |
> + |
> +As well, you may have trouble using older SSH clients to connect to a |
> +server running OpenSSH 8.8 or higher. Some older clients do not |
> +automatically utilize the newer hashes. For example, PuTTY before |
> +version 0.75 is affected. |
> + |
> +To resolve these problems, please upgrade your SSH client/server |
> +whereever possible. If this is not feasible, support for the SHA-1 |
> +hashes may be re-enabled using the following config options: |
> + |
> +HostkeyAlgorithms +ssh-rsa |
> +PubkeyAcceptedAlgorithms +ssh-rsa |
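
Review bot: The closing instructions ("support for the SHA-1 hashes may be re-enabled using the following config options") do not say which file the two options belong in or how widely to apply them, even though the item states the change affects both the client and server components. Suggest naming the client and server configuration files explicitly, and recommending that client users place the options in a Host block for the specific legacy server rather than re-enabling ssh-rsa globally. Also, "whereever" in the same paragraph should be "wherever", and the first option is spelled HostKeyAlgorithms in the OpenSSH manual pages (keywords are case-insensitive, so this is cosmetic).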
|
ship it! |