HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Aug 5 08:48:20 UTC 2016

On 08/05/16 03:09, Glen Barber wrote:
> On Fri, Aug 05, 2016 at 01:59:18AM +0000, Glen Barber wrote:
>> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
>> and will be deprecated effective 11.0-RELEASE (and preceeding RCs).
> Stupid editor mistake.  OpenSSH DSA keys are deprecated upstream.  Sorry
> for any confusion.
>> Please see r303716 for details on the relevant commit, but upstream no
>> longer considers them secure.  Please replace DSA keys with ECDSA or RSA

I believe ED25519 keys are also a preferred type.

>> keys as soon as possible, otherwise there will be issues when upgrading
>> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
>> 11.0-RELEASE build.
> Glen
> On behalf of:	re@ and secteam@



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20160805/a7357481/attachment.sig>

More information about the freebsd-current mailing list