Date: Thu, 11 Jan 2024 16:34:42 +0100 From: Christian Weisgerber <naddy@mips.inka.de> To: freebsd-questions@freebsd.org Subject: OpenSSH to remove DSA support Message-ID: <ZaAKkubZbg4Ouk3l@lorvorc.mips.inka.de>
next in thread | raw e-mail | index | archive | help
Since users always moan that such changes are "sudden" and "unexpected", I'd like to raise awareness that OpenSSH will remove support for DSA keys (ssh-dss) in a year's time. | In summary: | 2024/01 - this announcement | 2024/03 (estimated) - DSA compile-time optional, enabled by default | 2024/06 (estimated) - DSA compile-time optional, *disabled* by default | 2025/01 (estimated) - DSA is removed from OpenSSH DSA keys have already been disabled by default for years, since FreeBSD 11, so this won't concern you at all unless you use HostKeyAlgorithms=+ssh-dss for connecting to old switches or such. Here's the full announcement: https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-January/041132.html -- Christian "naddy" Weisgerber naddy@mips.inka.de
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZaAKkubZbg4Ouk3l>