Allow SHA1 deprecation for rsa-sha

Nuno Gonçalves nunojpg at gmail.com
Thu Apr 6 00:41:23 AEST 2017


On Wed, Apr 5, 2017 at 10:21 AM, Jakub Jelen <jjelen at redhat.com> wrote:
> Your proposal sounds reasonable, though not sure if this should all go into
> this single configuration option, or we should use different talking about
> the hash algorithms such as PubkeySignatureHash, since the existing list of
> algorithms (PubkeyAcceptedKeyTypes) is long enough already.

Actually I tried exactly as you suggested 1 month ago [1], but I'm not
sure if that is the best way forward now after comments from Douglas,
and so I was proposing to just extend the same option.

Anyway I'll wait for comments  for 1 week and then eventually provide
patchs for both options as they are quite trivial in any case.

Thanks,
Nuno

[1] https://github.com/nunojpg/openssh-portable/commit/1739aceb34c0eb4a9b363ff2515925e093d7ddcc


More information about the openssh-unix-dev mailing list