| 1 |
I think it may be helpful to include the specific file(s) those |
| 2 |
options |
| 3 |
need to be added and to clarify whether they need to be added to |
| 4 |
the |
| 5 |
server host or the clients. |
| 6 |
|
| 7 |
Perhaps like so: |
| 8 |
|
| 9 |
hashes may be re-enabled on the server by adding the following |
| 10 |
config |
| 11 |
options to the end of /etc/ssh/sshd_confg: |
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
WKR, |
| 16 |
Aaron |
| 17 |
|
| 18 |
Mike Gilbert <floppym@g.o> writes: |
| 19 |
|
| 20 |
> Signed-off-by: Mike Gilbert <floppym@g.o> |
| 21 |
> --- |
| 22 |
> .../2021-10-08-openssh-rsa-sha1.en.txt | 26 |
| 23 |
> +++++++++++++++++++ |
| 24 |
> 1 file changed, 26 insertions(+) |
| 25 |
> create mode 100644 |
| 26 |
> 2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt |
| 27 |
> |
| 28 |
> diff --git |
| 29 |
> a/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt |
| 30 |
> b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt |
| 31 |
> new file mode 100644 |
| 32 |
> index 0000000..cfdcc4a |
| 33 |
> --- /dev/null |
| 34 |
> +++ |
| 35 |
> b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt |
| 36 |
> @@ -0,0 +1,26 @@ |
| 37 |
> +Title: OpenSSH RSA SHA-1 signatures |
| 38 |
> +Author: Mike Gilbert <floppym@g.o> |
| 39 |
> +Posted: 2021-10-08 |
| 40 |
> +Revision: 1 |
| 41 |
> +News-Item-Format: 2.0 |
| 42 |
> +Display-If-Installed: net-misc/openssh |
| 43 |
> + |
| 44 |
> +As of version 8.8, OpenSSH disables RSA signatures using the |
| 45 |
> SHA-1 |
| 46 |
> +hash algorithm by default. This change affects both the client |
| 47 |
> and |
| 48 |
> +server components. |
| 49 |
> + |
| 50 |
> +After upgrading to this version, you may have trouble |
| 51 |
> connecting to |
| 52 |
> +older SSH servers that do not support the newer |
| 53 |
> RSA/SHA-256/SHA-512 |
| 54 |
> +signatures. Support for these signatures was added in OpenSSH |
| 55 |
> 7.2. |
| 56 |
> + |
| 57 |
> +As well, you may have trouble using older SSH clients to |
| 58 |
> connect to a |
| 59 |
> +server running OpenSSH 8.8 or higher. Some older clients do not |
| 60 |
> +automatically utilize the newer hashes. For example, PuTTY |
| 61 |
> before |
| 62 |
> +version 0.75 is affected. |
| 63 |
> + |
| 64 |
> +To resolve these problems, please upgrade your SSH |
| 65 |
> client/server |
| 66 |
> +whereever possible. If this is not feasible, support for the |
| 67 |
> SHA-1 |
| 68 |
> +hashes may be re-enabled using the following config options: |
| 69 |
> + |
| 70 |
> +HostkeyAlgorithms +ssh-rsa |
| 71 |
> +PubkeyAcceptedAlgorithms +ssh-rsa |
| 72 |
|
| 73 |
|
| 74 |
-- |
| 75 |
Reservations and Reporting Technologist |
| 76 |
Great Smoky Mountains Railroad |
| 77 |
PO Box 1490 |
| 78 |
Bryson City, NC 28713 |
| 79 |
D: 828-488-7013 |
| 80 |
M: 800-872-4681 x 214 |
| 81 |
F: 828-488-0427 |
| 82 |
P: 9B32 F2A4 8C1F F4E0 1E23 CEEA 2153 C852 F779 174F |
Archives