From 6785e2d83ce61ff19f6d72e697c73c31181b9549 Mon Sep 17 00:00:00 2001
From: Harald Pfeiffer
Date: Sun, 17 Jul 2022 15:42:51 +0200
Subject: +example paragraph for ssh-rsa connections
---
 .ssh/config.d/0000-all.conf | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.ssh/config.d/0000-all.conf b/.ssh/config.d/0000-all.conf
index 54a6137..b19eca4 100644
--- a/.ssh/config.d/0000-all.conf
+++ b/.ssh/config.d/0000-all.conf
@@ -14,3 +14,13 @@ ControlPath /run/user/%i/ssh/cm-%r@%h:%p
 # Hostname b.example.com
 # ProxyCommand ssh a.example.com -W %h:%p
 # # controlpath, controlmaster are the same as above
+#
+# For older SSH daemons: RSA SHA-1 is being quickly deprecated across OSes for various security
+# vulnerabilities. If you need to re-enable that (e.g. for hardware like network devices which are
+# often prone to vulnerabilities due to slow upgrading), you can re-enable this and you SHOULD do
+# this ONLY for specific hosts. (Yes, this ofc also affects clients - which it did on an Arch Linux here.)
+# Also see https://www.openssh.com/txt/release-8.2
+# If you have a proper naming convention for your devices, you can still easily wildcard this. If you
+# don't, you either don't have many devices or you moronically did not think device names through. ;-)
+# Host sophos* *-mik-*
+# PubkeyAcceptedKeyTypes +ssh-rsa
--
cgit v1.2.3
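Review bot: The commented example at the end of the hunk re-enables `ssh-rsa` only for client public-key authentication, but a device old enough to need it will usually also sign its host key with SHA-1, so the block as written would likely still fail at host-key negotiation. The OpenSSH 8.8 release notes pair the two settings, and `PubkeyAcceptedKeyTypes` has been named `PubkeyAcceptedAlgorithms` since OpenSSH 8.5 (the old keyword remains an alias), so the example could read `#   HostKeyAlgorithms +ssh-rsa` followed by `#   PubkeyAcceptedAlgorithms +ssh-rsa`. The explanatory comment would be more precise if it said that only the SHA-1 based `ssh-rsa` signature algorithm is deprecated, not RSA keys as such; servers that offer `rsa-sha2-256`/`rsa-sha2-512` need no override. Because `Host` patterns match whatever name is typed on the command line, it is worth adding a line such as `# Keep the pattern as narrow as your naming scheme allows; every matching name accepts SHA-1 signatures.`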