git: cea0d3689efe - main - ssh: update sshd_config(5) for RSA/SHA-1 signature removal

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Ed Maste <emaste_at_FreeBSD.org>
Date: Tue, 08 Mar 2022 22:00:51 UTC
The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=cea0d3689efe459118ed5fd4e3e7538bf85d4642

commit cea0d3689efe459118ed5fd4e3e7538bf85d4642
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-03-08 21:56:04 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-03-08 21:56:56 +0000

    ssh: update sshd_config(5) for RSA/SHA-1 signature removal
    
    OpenSSH 8.8p1 removed RSA/SHA-1 signatures by default, but failed to
    update sshd_config(5).  It was updated upstream after the release in
    b711bc01a7ec and da4035523406.
    
    Fixes:          8c22023ca5e1 ("ssh: disable RSA/SHA-1 signatures")
    Sponsored by:   The FreeBSD Foundation
---
 crypto/openssh/sshd_config.5 | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5
index 527f3d4bb46e..57edd8dc28ac 100644
--- a/crypto/openssh/sshd_config.5
+++ b/crypto/openssh/sshd_config.5
@@ -35,7 +35,7 @@
 .\"
 .\" $OpenBSD: sshd_config.5,v 1.335 2021/09/03 05:25:50 dtucker Exp $
 .\" $FreeBSD$
-.Dd $Mdocdate: September 3 2021 $
+.Dd $Mdocdate: December 4 2021 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -690,12 +690,11 @@ sk-ssh-ed25519-cert-v01@openssh.com,
 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 rsa-sha2-512-cert-v01@openssh.com,
 rsa-sha2-256-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,
 ssh-ed25519,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 sk-ssh-ed25519@openssh.com,
 sk-ecdsa-sha2-nistp256@openssh.com,
-rsa-sha2-512,rsa-sha2-256,ssh-rsa
+rsa-sha2-512,rsa-sha2-256
 .Ed
 .Pp
 The list of available signature algorithms may also be obtained using
@@ -775,12 +774,11 @@ sk-ssh-ed25519-cert-v01@openssh.com,
 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 rsa-sha2-512-cert-v01@openssh.com,
 rsa-sha2-256-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,
 ssh-ed25519,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 sk-ssh-ed25519@openssh.com,
 sk-ecdsa-sha2-nistp256@openssh.com,
-rsa-sha2-512,rsa-sha2-256,ssh-rsa
+rsa-sha2-512,rsa-sha2-256
 .Ed
 .Pp
 The list of available signature algorithms may also be obtained using
@@ -1531,12 +1529,11 @@ sk-ssh-ed25519-cert-v01@openssh.com,
 sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 rsa-sha2-512-cert-v01@openssh.com,
 rsa-sha2-256-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,
 ssh-ed25519,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 sk-ssh-ed25519@openssh.com,
 sk-ecdsa-sha2-nistp256@openssh.com,
-rsa-sha2-512,rsa-sha2-256,ssh-rsa
+rsa-sha2-512,rsa-sha2-256
 .Ed
 .Pp
 The list of available signature algorithms may also be obtained using