[afnog] Fwd: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0
Patrick Okui
pokui at psg.com
Wed Aug 31 21:30:26 UTC 2016
I’m sure most of us have seen this, but many operating systems have
deprecated DSA keys due to new versions of OpenSSH. Time to generate a
(large) RSA key if you haven’t already.[*]
--
patrick
[*] I don’t quite understand EC curves so I’m staying away from them
for now.
Forwarded message:
> From: Glen Barber <gjb at FreeBSD.org>
> To: freebsd-current at freebsd.org, freebsd-stable at freebsd.org,
> freebsd-announce at freebsd.org
> Subject: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated
> in 12.0 and 11.0
> Date: Fri, 5 Aug 2016 01:59:18 +0000
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> This is a heads-up that OpenSSH keys are deprecated upstream by
> OpenSSH, and will be deprecated effective 11.0-RELEASE (and preceeding
> RCs).
>
> Please see r303716 for details on the relevant commit, but upstream no
> longer considers them secure. Please replace DSA keys with ECDSA or
> RSA keys as soon as possible, otherwise there will be issues when
> upgrading from 11.0-BETA4 to the subsequent 11.0 build, but most
> definitely the 11.0-RELEASE build.
>
> Glen
> On behalf of: re@ and secteam@
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJXo/L2AAoJEAMUWKVHj+KTG3sP/3j5PBVMBlYVVR+M4PUoRJjb
> kShIRFHzHUV9YzTIljtqOVf/f/mw3kRHA4fUonID5AJlo23ht9cwGOvGUi5H3lBK
> rnL9vsU9lvZoGyaHLpR/nikMOaRTa8bl1cdpULlEGH94HEzDuLT92AtAZ5HtdDEl
> GcXRfTe3eGOaxcqNSF8NKSMQQ8rzbKmsgsa5Cbf0PYToemn3xyPAr+9Nz8tbSrlR
> TrrFhzOR6+Ix0NcYJAKs6RUZ2kgbAheYF6nQmAHlJzyBihlfdfieJdysqNwSOQ8u
> c7CyBLNFrGKqYTDVQI36MUwoyVtEqbOjt3cPitsMsD3fVAf05H7dHp/0iqrUghUs
> 60HYOjfmvZxH5wvhEPdv/wPLAZeosdQgW8np3Y5cztw7cxZXF+PxoMjRcnXVpQ2c
> QIZg3RsiQmJtAT4Z2OuvYikqGzrpsVido0um/KMM9b82XilJExxPPzgEpXCK3CE8
> 7TchzrRA/W27eST4VXoNYrrMlmpavur1IxvMS54fBOu98efTIoER6uJc1t7qcL6r
> mEVmBoMqecg+auuWqz50Bh8K329dlYuGLMbk/Ktc3agXtpkw88ylDmC6l5N7qrnL
> kSb4i3DboU7R1cltiin3c/P+ahwfKQdNH18QbN3utJuzSSRVvXq4laUGFlRhWEEx
> bLbbH2fh5bxDmDXDMdCF
> =LLtP
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-announce at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-announce
> To unsubscribe, send any mail to
> "freebsd-announce-unsubscribe at freebsd.org"
>
More information about the afnog
mailing list