From nobody Tue Mar 8 22:00:51 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 2BAC719F0025; Tue, 8 Mar 2022 22:00:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KCq5c0pCdz4TND; Tue, 8 Mar 2022 22:00:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1646776852; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6YTu6Kx7z9BBR9++IQDbkSnwkXnMhyZaMVsh7An2iYg=; b=MVNC51XetnFt6Gq5pENP8I2ptbRvcLwhHYWxSS1s2KYj6ElF54uoeag/3i/ZKDk59p/ok6 7bNfMt+fS5tACxNtK+A6MD06YGTF20yWfXNqarl27rUdIpB2+SoXvLaZfT8zy2Qkqp9mKO PoJt87py/XyLxrMJUUPfTqtanyHMse5WzRFoF07aapsTb61Q2IC2Tkkwl/LEIfpkcSJX/W /oOMVw+GBGhT571+Dy6nz9X28uSKy6bi/HUPryVOPwqPD4hSIoFkpRKI9JV6Qh+3Yv5yEn RB25u2yTfgVOKoxzO1fBXFDMQJlWi6Dy5mbHmo1p0LmzOA3RKCTRuq8pwYMDhw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EF71A24986; Tue, 8 Mar 2022 22:00:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 228M0p3O020939; Tue, 8 Mar 2022 22:00:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 228M0p7D020938; Tue, 8 Mar 2022 22:00:51 GMT (envelope-from git) Date: Tue, 8 Mar 2022 22:00:51 GMT Message-Id: <202203082200.228M0p7D020938@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ed Maste Subject: git: cea0d3689efe - main - ssh: update sshd_config(5) for RSA/SHA-1 signature removal List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: cea0d3689efe459118ed5fd4e3e7538bf85d4642 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1646776852; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6YTu6Kx7z9BBR9++IQDbkSnwkXnMhyZaMVsh7An2iYg=; b=jqmj3D5PzQeGAW2sDiPFMdWpXRU4snVqmxepWPBNO+SEMDYMvqic0UHU/LdL5bqZD4e9lB fGKGl6uK7Mrd+VWno0NK1Ck+XOKRj8aZGHyw+k9jvPgUxImXUQBn0vijIL7Ju9c75AoqRP lypLGVO9vLDrs9HaxX8Pc/RV2REpbhEWRhJTOjp/+koW2gvrVfFMkUEjGj3RxtVoipVOEw I+Ac8JbmYUNXTPA5RCiSgE/f0r5h56NL6gP8N3rVubO152ay/JhTVQLXvuliaapESiqm3S pzodsTu/NXA1N6iC2e32kTCMMsXqxkgTPfbc5wjOPpDjya7xhbbk/ACeu7LVNw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1646776852; a=rsa-sha256; cv=none; b=AVJiZOHSQOvmqqH/u9vK5aiY123Ga/lI4A3bPbiclCEGWLESRY0J84c91P+txIRsCL7wJZ cFhjRsX3d3a4yvbZQ5I7mWJNTatKye55zQJxocfyAtoEFp3MhT5rHt7GkUvJxviGORS0AL n6OzR6dIZJT536BL+wGGNWoPPvvthvGfUh1sNhLKD2V1kOGZ2vAoFY18CnN1IsKUtiKCYu 1IJSqd6ELuONSC0ogm9DJrfVMGHwZWLHMl8kHuPU1iaubTx555dncwhp6WVYl+MQJrKVAl KQw6uIavN5eDj+ETuAXjcNamVtR05SmhUZKugqDOcV19yAhejUIscUUaqgQttg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=cea0d3689efe459118ed5fd4e3e7538bf85d4642 commit cea0d3689efe459118ed5fd4e3e7538bf85d4642 Author: Ed Maste AuthorDate: 2022-03-08 21:56:04 +0000 Commit: Ed Maste CommitDate: 2022-03-08 21:56:56 +0000 ssh: update sshd_config(5) for RSA/SHA-1 signature removal OpenSSH 8.8p1 removed RSA/SHA-1 signatures by default, but failed to update sshd_config(5). It was updated upstream after the release in b711bc01a7ec and da4035523406. Fixes: 8c22023ca5e1 ("ssh: disable RSA/SHA-1 signatures") Sponsored by: The FreeBSD Foundation --- crypto/openssh/sshd_config.5 | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 527f3d4bb46e..57edd8dc28ac 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -35,7 +35,7 @@ .\" .\" $OpenBSD: sshd_config.5,v 1.335 2021/09/03 05:25:50 dtucker Exp $ .\" $FreeBSD$ -.Dd $Mdocdate: September 3 2021 $ +.Dd $Mdocdate: December 4 2021 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -690,12 +690,11 @@ sk-ssh-ed25519-cert-v01@openssh.com, sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, -ssh-rsa-cert-v01@openssh.com, ssh-ed25519, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, sk-ssh-ed25519@openssh.com, sk-ecdsa-sha2-nistp256@openssh.com, -rsa-sha2-512,rsa-sha2-256,ssh-rsa +rsa-sha2-512,rsa-sha2-256 .Ed .Pp The list of available signature algorithms may also be obtained using @@ -775,12 +774,11 @@ sk-ssh-ed25519-cert-v01@openssh.com, sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, -ssh-rsa-cert-v01@openssh.com, ssh-ed25519, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, sk-ssh-ed25519@openssh.com, sk-ecdsa-sha2-nistp256@openssh.com, -rsa-sha2-512,rsa-sha2-256,ssh-rsa +rsa-sha2-512,rsa-sha2-256 .Ed .Pp The list of available signature algorithms may also be obtained using @@ -1531,12 +1529,11 @@ sk-ssh-ed25519-cert-v01@openssh.com, sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, -ssh-rsa-cert-v01@openssh.com, ssh-ed25519, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, sk-ssh-ed25519@openssh.com, sk-ecdsa-sha2-nistp256@openssh.com, -rsa-sha2-512,rsa-sha2-256,ssh-rsa +rsa-sha2-512,rsa-sha2-256 .Ed .Pp The list of available signature algorithms may also be obtained using