[2015-08-13 12:34:07 +0900] Gaetan Bisson:
Oh, sure. Here's a new proposal:
Better wording. Title: openssh-7.0p1 deprecates ssh-dss keys In light of recently discovered vulnerabilities, the new `openssh-7.0p1` release deprecates keys of `ssh-dss` type, also known as DSA keys. See the [upstream announcement](http://lists.mindrot.org/pipermail/openssh-unix-announce/2015-August/000122....) for details. Before updating and restarting `sshd` on a remote host, make sure you do not rely on such keys for connecting to it. To enumerate DSA keys granting access to a given account, use: grep ssh-dss ~/.ssh/authorized_keys If you have any, ensure you have alternative means of logging in, such as key pairs of a different type, or password authentication. Finally, host keys of `ssh-dss` type being deprecated too, you might have to confirm a new fingerprint (for a host key of a different type) when connecting to a freshly updated server. -- Gaetan