git.lirion.de

Of git, get, and gud

author: mail_redacted_for_web 2022-07-17 15:42:51 +0200
committer: mail_redacted_for_web 2022-07-17 15:42:51 +0200
commit: 6785e2d83ce61ff19f6d72e697c73c31181b9549 (patch)
tree: 68770399f6a65fdb2472a7b43cbdeac9e92a3535
parent: 8f1d24f24b3e3607587d371488e4e5dcb36b5b64 (diff)
download: dotfiles-6785e2d83ce61ff19f6d72e697c73c31181b9549.tar.bz2
+example paragraph for ssh-rsa connections
-rw-r--r-- .ssh/config.d/0000-all.conf 10
1 files changed, 10 insertions, 0 deletions
diff --git a/.ssh/config.d/0000-all.conf b/.ssh/config.d/0000-all.conf
index 54a6137..b19eca4 100644
--- a/.ssh/config.d/0000-all.conf
+++ b/.ssh/config.d/0000-all.conf
@@ -14,3 +14,13 @@ ControlPath /run/user/%i/ssh/cm-%r@%h:%p
# Hostname b.example.com
# ProxyCommand ssh a.example.com -W %h:%p
# # controlpath, controlmaster are the same as above
+#
+# For older SSH daemons: RSA SHA-1 is being quickly deprecated across OSes for various security
+# vulnerabilities. If you need to re-enable that (e.g. for hardware like network devices which are
+# often prone to vulnerabilities due to slow upgrading), you can re-enable this and you SHOULD do
+# this ONLY for specific hosts. (Yes, this ofc also affects clients - which it did on an Arch Linux here.)
+# Also see https://www.openssh.com/txt/release-8.2
+# If you have a proper naming convention for your devices, you can still easily wildcard this. If you
+# don't, you either don't have many devices or you moronically did not think device names through. ;-)
+# Host sophos* *-mik-*
+# PubkeyAcceptedKeyTypes +ssh-rsa
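Review bot: The example block in the last two added lines only re-enables ssh-rsa for public-key authentication, so it will not help with the "older SSH daemons" the comment names when the device offers nothing but an ssh-rsa host key; those hosts also need `HostKeyAlgorithms +ssh-rsa` in the same `Host` block, and the comment should say which of the two cases it covers. `PubkeyAcceptedKeyTypes` is also the older spelling: OpenSSH 8.5 renamed it to `PubkeyAcceptedAlgorithms` and keeps the old name as an alias, so it is worth noting both names for readers on mixed client versions. The linked release-8.2 notes only announce the deprecation; the default-off change came with 8.8, which is the release a reader who hits the failure will want to look up. Finally, "you can re-enable this and you SHOULD do this ONLY for specific hosts" is easy to misread in a file named 0000-all.conf; state directly that the option must stay inside a narrow `Host` pattern and never be set globally, and that the block should be removed again once the device firmware supports rsa-sha2-256/512.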