[arch-dev-public] News item for openssh-7.0p1-1

Christian Hesse list at eworm.de
Wed Aug 12 21:15:34 UTC 2015


Gaetan Bisson <bisson at archlinux.org> on Thu, 2015/08/13 00:03:
> Hi,
> 
> I'd like to suggest the following piece of news to be posted when
> openssh-7.0p1-1 lands in [core]:
> 
> 
> The new openssh-7.0p1 release deprecates certain types of SSH keys that
> are now considered vulnerable. For details, see the
> [upstream announcement](http://lists.mindrot.org/pipermail/openssh-unix-announce/2015-August/000122.html).
> 
> Before updating and restarting sshd on remote hosts, if you rely on SSH
> keys for authentication, please make sure that you have a recent key
> pair set up, or alternative means of logging in (such as using password
> authentication).

This does not only apply to public key authentication but to host keys as
well. Do we want to add a note about that?

Old algorithms can be used when explicitly enabling them, though... ;)

The systemd unit sshdgenkeys.service still generates a dsa host key. Do we
want to change that?
-- 
main(a){char*c=/*    Schoene Gruesse                         */"B?IJj;MEH"
"CX:;",b;for(a/*    Chris           get my mail address:    */=0;b=c[a++];)
putchar(b-1/(/*               gcc -o sig sig.c && ./sig    */b/42*2-3)*42);}
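
A pre-upgrade check for the point raised in this thread, as an added example that is not part of the original message: it lists DSA (`ssh-dss`) public keys, the type OpenSSH 7.0 disables by default, in both `authorized_keys` files and host key `.pub` files. The function name `find_dss_keys` is hypothetical and the sample key blobs are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Print "file:line: comment" for every ssh-dss public key in the given files.
# authorized_keys lines may begin with options (which can contain spaces
# inside quotes), so look for the key-type token anywhere on the line and
# confirm it with the base64 prefix of the encoded "ssh-dss" type string.
find_dss_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            for (i = 1; i < NF; i++) {
                if ($i == "ssh-dss" && index($(i + 1), "AAAAB3NzaC1kc3M") == 1) {
                    comment = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
                    printf "%s:%d: %s\n", FILENAME, FNR, comment
                    break
                }
            }
        }
    ' "$@"
}

# Constructed sample input: truncated placeholder blobs, for the demo only.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/authorized_keys" <<'EOF'
# constructed sample
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed alice@laptop
ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed bob@oldbox
command="/usr/bin/backup --all",no-pty ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed backup@cron
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed carol@desk
EOF
printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed\n' > "$demo_dir/ssh_host_dsa_key.pub"

# Lists the user keys and the host key that need replacing before the upgrade.
find_dss_keys "$demo_dir/authorized_keys" "$demo_dir/ssh_host_dsa_key.pub"
```

On a real host, pass `/etc/ssh/*.pub` and each account's `~/.ssh/authorized_keys` instead of the demo files; any line printed is a key to replace before restarting sshd.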