[arch-announce] openssh-7.0p1 deprecates ssh-dss keys

Arch Linux: Recent news updates: Gaetan Bisson announce at archlinux.org
Fri Aug 14 06:01:04 UTC 2015

In light of recently discovered vulnerabilities, the new `openssh-7.0p1` release
deprecates keys of `ssh-dss` type, also known as DSA keys. See the [upstream
announcement][1] for details.

Before updating and restarting `sshd` on a remote host, make sure you do not
rely on such keys for connecting to it. To enumerate DSA keys granting access to
a given account, use:

        grep ssh-dss ~/.ssh/authorized_keys

If you have any, ensure you have alternative means of logging in, such as key
pairs of a different type, or password authentication.

Finally, host keys of `ssh-dss` type being deprecated too, you might have to
confirm a new fingerprint (for a host key of a different type) when connecting
to a freshly updated server.

   [1]: http://lists.mindrot.org/pipermail/openssh-unix-

URL: https://www.archlinux.org/news/openssh-70p1-deprecates-ssh-dss-keys/

More information about the arch-announce mailing list