[arch-dev-public] News item for openssh-7.0p1-1

Christian Hesse list at eworm.de
Wed Aug 12 21:15:34 UTC 2015

Gaetan Bisson <bisson at archlinux.org> on Thu, 2015/08/13 00:03:
> Hi,
> I'd like to suggest the following piece of news to be posted when
> openssh-7.0p1-1 lands in [core]:
> The new openssh-7.0p1 release deprecates certain types of SSH keys that
> are now considered vulnerable. For details, see the
> [upstream
> announcement](http://lists.mindrot.org/pipermail/openssh-unix-announce/2015-August/000122.html).
> Before updating and restarting sshd on remote hosts, if you rely on SSH
> keys for authentication, please make sure that you have a recent key
> pair set up, or alternative means of logging in (such as using password
> authentication).

This does not only apply for public key authentication but for host keys as
well. Do we want to add a note about that?

Old algorithms can be used when explicitly enabling them, though... ;)

The systemd unit sshdgenkeys.service still generates a dsa host key. Do we
want to change that?
main(a){char*c=/*    Schoene Gruesse                         */"B?IJj;MEH"
"CX:;",b;for(a/*    Chris           get my mail address:    */=0;b=c[a++];)
putchar(b-1/(/*               gcc -o sig sig.c && ./sig    */b/42*2-3)*42);}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20150812/d86bacef/attachment.asc>

More information about the arch-dev-public mailing list