On 06.10.2015 10:57, Arkadiusz Miśkiewicz wrote:
On Tuesday 06 of October 2015, glen wrote:
commit 0c97474bafebbdc86d13d41624a85cccc55c02e0
Author: Elan Ruusamäe <g...@delfi.ee>
Date: Tue Oct 6 10:04:54 2015 +0300
allow dsa keys also client side, enable by default
openssh-config.patch | 6 ++++--
openssh.spec | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
That change is harmful. With this change people won't notice that DSA is to be
dropped, won't migrate from DSA keys and will end up with big problem when
finally openssh team drops DSA support.
Please revert it (at least revert on client side; server side could enable DSA
keys for a while), so people WILL notice and will migrate to RSA/ECDSA keys.
shouldn't it be opposite?
a) allow in server
b) disable in client
then user will notice key does not work, but CAN do something about it
clientside, log in with dsa key and add new rsa key there.
when server side disabled, user can't do anything without ssh server
admin access. i'll assume here password auth is already off.
--
glen
_______________________________________________
pld-devel-en mailing list
pld-devel-en@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
