OpenSSH to remove DSA support

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Christian Weisgerber <naddy_at_mips.inka.de>
Date: Thu, 11 Jan 2024 15:34:42 UTC

Since users always moan that such changes are "sudden" and "unexpected",
I'd like to raise awareness that OpenSSH will remove support for
DSA keys (ssh-dss) in a year's time.

| In summary:
| 2024/01 - this announcement
| 2024/03 (estimated) - DSA compile-time optional, enabled by default
| 2024/06 (estimated) - DSA compile-time optional, *disabled* by default
| 2025/01 (estimated) - DSA is removed from OpenSSH

DSA keys have already been disabled by default for years, since
FreeBSD 11, so this won't concern you at all unless you use
HostKeyAlgorithms=+ssh-dss for connecting to old switches or such.

Here's the full announcement:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-January/041132.html

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de