[packages/openssh] allow dsa keys also client side, enable by default

Elan Ruusamäe glen at pld-linux.org
Tue Oct 6 10:08:15 CEST 2015


On 06.10.2015 10:57, Arkadiusz Miśkiewicz wrote:
> On Tuesday 06 of October 2015, glen wrote:
>> commit 0c97474bafebbdc86d13d41624a85cccc55c02e0
>> Author: Elan Ruusamäe <glen at delfi.ee>
>> Date:   Tue Oct 6 10:04:54 2015 +0300
>>
>>      allow dsa keys also client side, enable by default
>>
>>   openssh-config.patch | 6 ++++--
>>   openssh.spec         | 2 +-
>>   2 files changed, 5 insertions(+), 3 deletions(-)
> That change is harmful. With this change people won't notice that DSA is to be
> dropped, won't migrate from DSA keys and will end up with a big problem when
> the openssh team finally drops DSA support.
>
> Please revert it (at least revert on client side; server side could enable DSA
> keys for a while), so people WILL notice and will migrate to RSA/ECDSA keys.
Shouldn't it be the opposite?

a) allow in server
b) disable in client

Then the user will notice the key does not work, but CAN do something about it
client side, log in with the DSA key and add a new RSA key there.
When the server side is disabled, the user can't do anything without ssh server
admin access. I'll assume here password auth is already off.

-- 
glen


