Signed-off-by: Mike Gilbert <floppym@gentoo.org>
---
.../2021-10-08-openssh-rsa-sha1.en.txt | 26
+++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644
2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
diff --git
a/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
new file mode 100644
index 0000000..cfdcc4a
--- /dev/null
+++
b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
@@ -0,0 +1,26 @@
+Title: OpenSSH RSA SHA-1 signatures
+Author: Mike Gilbert <floppym@gentoo.org>
+Posted: 2021-10-08
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: net-misc/openssh
+
+As of version 8.8, OpenSSH disables RSA signatures using the
SHA-1
+hash algorithm by default. This change affects both the client
and
+server components.
+
+After upgrading to this version, you may have trouble
connecting to
+older SSH servers that do not support the newer
RSA/SHA-256/SHA-512
+signatures. Support for these signatures was added in OpenSSH
7.2.
+
+As well, you may have trouble using older SSH clients to
connect to a
+server running OpenSSH 8.8 or higher. Some older clients do not +automatically utilize the newer hashes. For example, PuTTY
before
+version 0.75 is affected.
+
+To resolve these problems, please upgrade your SSH
client/server
+whereever possible. If this is not feasible, support for the
SHA-1
+hashes may be re-enabled using the following config options:
+
+HostkeyAlgorithms +ssh-rsa
+PubkeyAcceptedAlgorithms +ssh-rsa
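Review bot: The two option lines that close the hunk ("HostkeyAlgorithms +ssh-rsa" and "PubkeyAcceptedAlgorithms +ssh-rsa") do not say which file they belong in or which side they apply to, even though the first paragraph states that the change affects both the client and the server. Both keywords are valid in ssh_config and in sshd_config, so the text should name the file for each case: the client configuration when connecting to an older server, sshd_config when older clients connect to this host. For the client case, consider recommending that the options go inside a Host block limited to the affected legacy servers, so that SHA-1 signatures are not re-enabled for every connection. Also, "whereever" in the last paragraph should be "wherever".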
I think it may be helpful to include the specific file(s) those options
need to be added to and to clarify whether they need to be added to the
server host or the clients.
Perhaps like so:
hashes may be re-enabled on the server by adding the following config
options to the end of /etc/ssh/sshd_config:
On 5 Oct 2021, at 18:43, Mike Gilbert <floppym@gentoo.org> wrote:
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
---
.../2021-10-08-openssh-rsa-sha1.en.txt | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
diff --git a/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
new file mode 100644
index 0000000..cfdcc4a
--- /dev/null
+++ b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
@@ -0,0 +1,26 @@
+Title: OpenSSH RSA SHA-1 signatures
+Author: Mike Gilbert <floppym@gentoo.org>
+Posted: 2021-10-08
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: net-misc/openssh
+
+As of version 8.8, OpenSSH disables RSA signatures using the SHA-1
+hash algorithm by default. This change affects both the client and
+server components.
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
---
.../2021-10-08-openssh-rsa-sha1.en.txt | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 2021-10-08-openssh-rsa-sha1/2021-10-08-openssh- rsa-sha1.en.txt
diff --git a/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-
sha1.en.txt b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-
sha1.en.txt
new file mode 100644
index 0000000..cfdcc4a
--- /dev/null
+++ b/2021-10-08-openssh-rsa-sha1/2021-10-08-openssh-rsa-sha1.en.txt
@@ -0,0 +1,26 @@
+Title: OpenSSH RSA SHA-1 signatures
+Author: Mike Gilbert <floppym@gentoo.org>
+Posted: 2021-10-08
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: net-misc/openssh
+
+As of version 8.8, OpenSSH disables RSA signatures using the SHA-1
+hash algorithm by default. This change affects both the client and
+server components.
+
+After upgrading to this version, you may have trouble connecting to
+older SSH servers that do not support the newer RSA/SHA-256/SHA-512 +signatures. Support for these signatures was added in OpenSSH 7.2.
+
+As well, you may have trouble using older SSH clients to connect to a +server running OpenSSH 8.8 or higher. Some older clients do not +automatically utilize the newer hashes. For example, PuTTY before
+version 0.75 is affected.
+
+To resolve these problems, please upgrade your SSH client/server
+whereever possible. If this is not feasible, support for the SHA-1
+hashes may be re-enabled using the following config options:
+
+HostkeyAlgorithms +ssh-rsa
+PubkeyAcceptedAlgorithms +ssh-rsa