On Wed, Mar 10, 2021 at 06:58:51PM +0100, Daniel Pocock wrote:
>
> Hi all,
>
> I put some comments on the OpenSSH mailing list[1] about UpdateHostKeys
> and other SHA-1 related changes.
>
> The OpenSSH release notes simply tell people to update OpenSSH. In
> practice, people who use distributions like Fedora, RHEL and CentOS are
> going to wait for a package. Security conscious users who can't
> completely disable ssh may use the MACs parameter in ssh_config,
> sshd_config or both.
>
> What does it mean from a Fedora perspective? For example:
>
> - did anybody already write any wiki page, FAQ or guide for Fedora users
> to navigate the SHA-1 issue in SSH?
>
> - will Fedora be more proactive than upstream in disabling SHA-1 or will
> Fedora simply follow the timeline from upstream?

I really hope we don't remove the ability to connect to old servers
(eg. running RHEL 5). At the moment you have to opt-in by setting the
crypto-policy to LEGACY and running update-crypto-policies(8), which
is bearable.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
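
The MACs parameter mentioned in the quoted message, as an added example (not part of the thread and not OpenSSH or Fedora code): a small audit of what a MACs line in ssh_config or sshd_config does with the SHA-1 based MACs. The function names and the sample config are constructed for illustration, and only the global section (before any Host or Match block) is inspected.

```python
import re
from fnmatch import fnmatchcase

# SHA-1 based MAC names as listed by `ssh -Q mac`.
SHA1_MACS = ("hmac-sha1", "hmac-sha1-96",
             "hmac-sha1-etm@openssh.com", "hmac-sha1-96-etm@openssh.com")

def first_macs_value(config_text):
    """Return the first global MACs value, or None (first value obtained wins)."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        # Keyword and value are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()               # keywords are case-insensitive
        if keyword in ("host", "match"):
            break  # simplification: conditional blocks are not evaluated
        if keyword == "macs" and len(parts) == 2:
            return parts[1].replace(" ", "")
    return None

def audit_macs(config_text):
    """Return (mode, names).

    mode 'default'       : no MACs line, the built-in/policy default applies
    mode 'explicit'      : list replaces the default; names = SHA-1 MACs in it
    mode 'default-plus'  : '+' or '^' list; names = SHA-1 MACs it adds
    mode 'default-minus' : '-' list; names = SHA-1 MACs it does NOT remove
    """
    value = first_macs_value(config_text)
    if not value:
        return ("default", [])
    prefix = value[0] if value[0] in "+-^" else ""
    patterns = [p for p in value[len(prefix):].split(",") if p]
    # A '-' list may use wildcards such as hmac-sha1*, so match as patterns.
    named = [m for m in SHA1_MACS if any(fnmatchcase(m, p) for p in patterns)]
    if prefix == "-":
        return ("default-minus", [m for m in SHA1_MACS if m not in named])
    return ("default-plus" if prefix else "explicit", named)

# Constructed sample config, not taken from any real host.
SAMPLE = """\
# constructed sample
MACs hmac-sha2-512-etm@openssh.com,hmac-sha1
"""

if __name__ == "__main__":
    print(audit_macs(SAMPLE))
```

An empty list with mode `default-minus` or `explicit` means the line leaves no SHA-1 MAC enabled; mode `default` means the result depends on the installed OpenSSH defaults and the active crypto-policy.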