Gentoo Archives: gentoo-dev

From: David Seifert <soap@g.o>
To: Mike Gilbert <floppym@g.o>, gentoo-dev@l.g.o
Cc: pr@g.o, base-system@g.o
Subject: [gentoo-dev] Re: [PATCH] 2021-10-08-openssh-rsa-sha1: add news item
Date: Wed, 06 Oct 2021 07:58:42
Message-Id: b354798faee8f99083fbd622474307202709d210.camel@gentoo.org
In Reply to: [gentoo-dev] [PATCH] 2021-10-08-openssh-rsa-sha1: add news item by Mike Gilbert
1 On Tue, 2021-10-05 at 13:43 -0400, Mike Gilbert wrote:
2 > Signed-off-by: Mike Gilbert <floppym@g.o>
3 > ---
4 >  .../2021-10-08-openssh-rsa-sha1.en.txt        | 26
5 > +++++++++++++++++++
6 >  1 file changed, 26 insertions(+)
7 >  create mode 100644 2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-
8 > rsa-sha1.en.txt
9 >
10 > diff --git a/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-
11 > sha1.en.txt b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-
12 > sha1.en.txt
13 > new file mode 100644
14 > index 0000000..cfdcc4a
15 > --- /dev/null
16 > +++ b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
17 > @@ -0,0 +1,26 @@
18 > +Title: OpenSSH RSA SHA-1 signatures
19 > +Author: Mike Gilbert <floppym@g.o>
20 > +Posted: 2021-10-08
21 > +Revision: 1
22 > +News-Item-Format: 2.0
23 > +Display-If-Installed: net-misc/openssh
24 > +
25 > +As of version 8.8, OpenSSH disables RSA signatures using the SHA-1
26 > +hash algorithm by default. This change affects both the client and
27 > +server components.
28 > +
29 > +After upgrading to this version, you may have trouble connecting to
30 > +older SSH servers that do not support the newer RSA/SHA-256/SHA-512
31 > +signatures. Support for these signatures was added in OpenSSH 7.2.
32 > +
33 > +As well, you may have trouble using older SSH clients to connect to a
34 > +server running OpenSSH 8.8 or higher. Some older clients do not
35 > +automatically utilize the newer hashes. For example, PuTTY before
36 > +version 0.75 is affected.
37 > +
38 > +To resolve these problems, please upgrade your SSH client/server
39 > +whereever possible. If this is not feasible, support for the SHA-1
40 > +hashes may be re-enabled using the following config options:
41 > +
42 > +HostkeyAlgorithms +ssh-rsa
43 > +PubkeyAcceptedAlgorithms +ssh-rsa
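Review bot: The final paragraph ("support for the SHA-1 hashes may be re-enabled using the following config options") lists `HostkeyAlgorithms +ssh-rsa` and `PubkeyAcceptedAlgorithms +ssh-rsa` without saying which file they belong in, although the text above describes two separate cases: an 8.8 client reaching an older server, and an older client reaching an 8.8 server. Suggest naming the file for each case (ssh_config on the client side, sshd_config on the server side) and recommending that the client-side override go in a Host block for the affected server only, so SHA-1 signatures are not re-enabled for every connection. Two smaller points: "whereever" in the same paragraph should be "wherever", and the OpenSSH manual pages spell the option HostKeyAlgorithms (keywords are matched case-insensitively, so it works as written).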
44
45 ship it!