On 3/10/21 6:58 PM, Daniel Pocock wrote:
Hi all,
I put some comments on the OpenSSH mailing list[1] about UpdateHostKeys
and other SHA-1 related changes.
The OpenSSH release notes simply tell people to update OpenSSH. In
practice, people who use distributions like Fedora, RHEL and CentOS are
On 3/12/21 6:50 AM, Björn Persson wrote:
If both client and server are OpenSSH 7.2 or later, and an ssh-rsa key
is involved, then one of the newer signature schemes rsa-sha2-256 and
rsa-sha2-512 will be used, and you won't have any trouble.
Unless it's OpenSSH server 7.4 (as in Debian 9).
On 11/03/2021 23:06, Kevin Fenzi wrote:
> On Thu, Mar 11, 2021 at 03:50:57PM +0100, Daniel Pocock wrote:
>>
>>
>> On 11/03/2021 12:13, Florian Weimer wrote:
>>> * Richard W. M. Jones:
>>>
I really hope we don't remove the ability to connect to old servers
(eg. running RHEL 5). At the
Petr Pisar wrote:
> V Fri, Mar 12, 2021 at 10:53:01AM +0100, Miroslav Suchý napsal(a):
> > Do I understand it correctly that soon, I will have trouble connecting to
> >
> > $(grep ssh-rsa ~/.ssh/known_hosts | cut -f1 -d' ')
> >
> > hosts?
> > Should I regenerate the ssh key there? What is the
V Fri, Mar 12, 2021 at 10:53:01AM +0100, Miroslav Suchý napsal(a):
> Do I understand it correctly that soon, I will have trouble connecting to
>
> $(grep ssh-rsa ~/.ssh/known_hosts | cut -f1 -d' ')
>
> hosts?
> Should I regenerate the ssh key there? What is the prefered crypto nowadays?
>
No.
Dne 10. 03. 21 v 18:58 Daniel Pocock napsal(a):
- did anybody already write any wiki page, FAQ or guide for Fedora users
to navigate the SHA-1 issue in SSH?
+1
I do not follow this issue and I would welcome nice HOWTO document.
Do I understand it correctly that soon, I will have trouble
On Thu, Mar 11, 2021 at 03:50:57PM +0100, Daniel Pocock wrote:
>
>
> On 11/03/2021 12:13, Florian Weimer wrote:
> > * Richard W. M. Jones:
> >
> >> I really hope we don't remove the ability to connect to old servers
> >> (eg. running RHEL 5). At the moment you have to opt-in by setting the
>
On 3/11/21 5:13 AM, Florian Weimer wrote:
In the past (long, long ago), I had to enable Telnet on target devices
to work around incompatible cryptography policies. I hope we are not
going to return to that.
I've had to enable http on my home switches for that very reason, so ...
--
On 3/11/21 1:01 PM, Richard W.M. Jones wrote:
On Thu, Mar 11, 2021 at 03:50:57PM +0100, Daniel Pocock wrote:
On 11/03/2021 12:13, Florian Weimer wrote:
* Richard W. M. Jones:
I really hope we don't remove the ability to connect to old servers
(eg. running RHEL 5). At the moment you have
On Thu, Mar 11, 2021 at 03:50:57PM +0100, Daniel Pocock wrote:
>
>
> On 11/03/2021 12:13, Florian Weimer wrote:
> > * Richard W. M. Jones:
> >
> >> I really hope we don't remove the ability to connect to old servers
> >> (eg. running RHEL 5). At the moment you have to opt-in by setting the
>
On 11/03/2021 12:13, Florian Weimer wrote:
> * Richard W. M. Jones:
>
>> I really hope we don't remove the ability to connect to old servers
>> (eg. running RHEL 5). At the moment you have to opt-in by setting the
>> crypto-policy to LEGACY and running update-crypto-policies(8), which
>> is
* Richard W. M. Jones:
> I really hope we don't remove the ability to connect to old servers
> (eg. running RHEL 5). At the moment you have to opt-in by setting the
> crypto-policy to LEGACY and running update-crypto-policies(8), which
> is bearable.
In the past (long, long ago), I had to
On Wed, Mar 10, 2021 at 06:58:51PM +0100, Daniel Pocock wrote:
>
> Hi all,
>
> I put some comments on the OpenSSH mailing list[1] about UpdateHostKeys
> and other SHA-1 related changes.
>
> The OpenSSH release notes simply tell people to update OpenSSH. In
> practice, people who use
Hi all,
I put some comments on the OpenSSH mailing list[1] about UpdateHostKeys
and other SHA-1 related changes.
The OpenSSH release notes simply tell people to update OpenSSH. In
practice, people who use distributions like Fedora, RHEL and CentOS are
going to wait for a package. Security
14 matches
Mail list logo