| 1 |
Signed-off-by: Mike Gilbert <floppym@g.o> |
| 2 |
--- |
| 3 |
.../2021-10-08-openssh-rsa-sha1.en.txt | 26 +++++++++++++++++++ |
| 4 |
1 file changed, 26 insertions(+) |
| 5 |
create mode 100644 2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt |
| 6 |
|
| 7 |
diff --git a/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt |
| 8 |
new file mode 100644 |
| 9 |
index 0000000..cfdcc4a |
| 10 |
--- /dev/null |
| 11 |
+++ b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt |
| 12 |
@@ -0,0 +1,26 @@ |
| 13 |
+Title: OpenSSH RSA SHA-1 signatures |
| 14 |
+Author: Mike Gilbert <floppym@g.o> |
| 15 |
+Posted: 2021-10-08 |
| 16 |
+Revision: 1 |
| 17 |
+News-Item-Format: 2.0 |
| 18 |
+Display-If-Installed: net-misc/openssh |
| 19 |
+ |
| 20 |
+As of version 8.8, OpenSSH disables RSA signatures using the SHA-1 |
| 21 |
+hash algorithm by default. This change affects both the client and |
| 22 |
+server components. |
| 23 |
+ |
| 24 |
+After upgrading to this version, you may have trouble connecting to |
| 25 |
+older SSH servers that do not support the newer RSA/SHA-256/SHA-512 |
| 26 |
+signatures. Support for these signatures was added in OpenSSH 7.2. |
| 27 |
+ |
| 28 |
+As well, you may have trouble using older SSH clients to connect to a |
| 29 |
+server running OpenSSH 8.8 or higher. Some older clients do not |
| 30 |
+automatically utilize the newer hashes. For example, PuTTY before |
| 31 |
+version 0.75 is affected. |
| 32 |
+ |
| 33 |
+To resolve these problems, please upgrade your SSH client/server |
| 34 |
+whereever possible. If this is not feasible, support for the SHA-1 |
| 35 |
+hashes may be re-enabled using the following config options: |
| 36 |
+ |
| 37 |
+HostkeyAlgorithms +ssh-rsa |
| 38 |
+PubkeyAcceptedAlgorithms +ssh-rsa |
| 39 |
-- |
| 40 |
2.33.0 |
Archives