[afnog] Fwd: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0
Andrew Alston
Andrew.Alston at liquidtelecom.com
Thu Sep 1 06:43:09 UTC 2016
Just as a further note –
The first version of Cisco XR that actually supports non-DSA keys from what I can see is version 6, I’ve yet to find a way to get anything prior to XR 6 actually do anything other than DSA, so those config options become mandatory right now on Ubuntu 16 servers etc.
(If there IS a way to get XR 5.x to do non-DSA, I’d appreciate if someone could give me details)
Andrew
On 01/09/2016, 8:05 AM, "afnog on behalf of Daniel Shaw" <afnog-bounces at afnog.org on behalf of daniel at afrinic.net> wrote:
> On 1 Sep 2016, at 1:30 AM, Patrick Okui <pokui at psg.com> wrote:
>
> I’m sure most of us have seen this,
Indeed. Thanks for highlighting Patrick!
> but many operating systems have deprecated DSA keys due to new versions of OpenSSH.
Just to add a little more detail in case anyone has not yet seen this... Note that if your *client* machine (where you ssh *from*) updates to a new version with DSA deprecated, then by default it refuses to use existing DSA keys at all. Thus if you are using a DSA key for logins elsewhere, your login will fail.
You can of course temporarily override the deprecation (for now) with a config option to allow you into your remote side to upload your new RSA key.
Regards,
Daniel
_______________________________________________
afnog mailing list
https://www.afnog.org/mailman/listinfo/afnog
More information about the afnog
mailing list