[arch-dev-public] News item for openssh-7.0p1-1
Gaetan Bisson
bisson at archlinux.org
Thu Aug 13 06:13:29 UTC 2015
[2015-08-13 12:34:07 +0900] Gaetan Bisson:
> Oh, sure. Here's a new proposal:
Better wording.
Title: openssh-7.0p1 deprecates ssh-dss keys
In light of recently discovered vulnerabilities, the new `openssh-7.0p1`
release deprecates keys of `ssh-dss` type, also known as DSA keys. See
the
[upstream announcement](http://lists.mindrot.org/pipermail/openssh-unix-announce/2015-August/000122.html)
for details.
Before updating and restarting `sshd` on a remote host, make sure you do
not rely on such keys for connecting to it. To enumerate DSA keys
granting access to a given account, use:
grep ssh-dss ~/.ssh/authorized_keys
If you have any, ensure you have alternative means of logging in, such
as key pairs of a different type, or password authentication.
Finally, host keys of `ssh-dss` type being deprecated too, you might
have to confirm a new fingerprint (for a host key of a different type)
when connecting to a freshly updated server.
--
Gaetan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20150813/b2ecf975/attachment.asc>
More information about the arch-dev-public
mailing list