Re: Heads-up: DSA key support being removed from OpenSSH

In reply to: Christian Weisgerber : "Re: Heads-up: DSA key support being removed from OpenSSH"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Ed Maste <emaste_at_freebsd.org>
Date: Wed, 09 Apr 2025 17:34:22 UTC

On Tue, 1 Apr 2025 at 20:40, Christian Weisgerber <naddy@mips.inka.de> wrote:
>
> Christian Weisgerber:
>
> > If OpenSSH upstream stick to the published schedule, version 9.9
> > that is now in 13-STABLE/14-STABLE/15-CURRENT will be the _final_
> > release that even includes the DSA code.
>
> Subject: Call for testing: OpenSSH 10.0
> [...]
> Potentially-incompatible changes
> --------------------------------
>
>  * This release removes support for the weak DSA signature
>    algorithm, completing the deprecation process that began in
>    2015 (when DSA was disabled by default) and repeatedly warned
>    over the the last 12 months.
> [...]
>
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041855.html

I'm preparing to import OpenSSH 10.0 into the FreeBSD base system, and
intend to merge the DSA removal separately in advance. Two reviews are
open for this:
- https://reviews.freebsd.org/D49739
- https://reviews.freebsd.org/D49740 (rc.d/sshd update from jlduran)