[packages/openssh] allow dsa keys also client side, enable by default

Arkadiusz Miśkiewicz arekm at maven.pl
Tue Oct 6 09:57:00 CEST 2015


On Tuesday 06 of October 2015, glen wrote:
> commit 0c97474bafebbdc86d13d41624a85cccc55c02e0
> Author: Elan Ruusamäe <glen at delfi.ee>
> Date:   Tue Oct 6 10:04:54 2015 +0300
> 
>     allow dsa keys also client side, enable by default
> 
>  openssh-config.patch | 6 ++++--
>  openssh.spec         | 2 +-
>  2 files changed, 5 insertions(+), 3 deletions(-)

That change is harmful. With this change people won't notice that DSA is to be 
dropped, won't migrate from DSA keys and will end up with big problem when 
finally openssh team drops DSA support.

Please revert it (at least revert on client side; server side could enable DSA 
keys for a while), so people WILL notice and will migrate to RSA/ECDSA keys.

> @@ -22,7 +22,7 @@
>  +PermitEmptyPasswords no
>  +
>  +# Allow DSA keys
> -+#PubkeyAcceptedKeyTypes +ssh-dss
> ++PubkeyAcceptedKeyTypes +ssh-dss

> ++	# Allow DSA keys
> ++	PubkeyAcceptedKeyTypes +ssh-dss
>  +# Send locale-related environment variables, also pass some GIT vars


-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )


More information about the pld-devel-en mailing list