Gaetan Bisson <[email protected]> on Thu, 2015/08/13 00:03: > Hi, > > I'd like to suggest the following piece of news to be posted when > openssh-7.0p1-1 lands in [core]: > > > The new openssh-7.0p1 release deprecates certain types of SSH keys that > are now considered vulnerable. For details, see the > [upstream > announcement](http://lists.mindrot.org/pipermail/openssh-unix-announce/2015-August/000122.html). > > Before updating and restarting sshd on remote hosts, if you rely on SSH > keys for authentication, please make sure that you have a recent key > pair set up, or alternative means of logging in (such as using password > authentication).
This does not only apply for public key authentication but for host keys as
well. Do we want to add a note about that?
Old algorithms can be used when explicitly enabling them, though... ;)
The systemd unit sshdgenkeys.service still generates a dsa host key. Do we
want to change that?
--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];)
putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
pgpvErTMUl8p3.pgp
Description: OpenPGP digital signature
