-
Kristian Klausen authored
It has been disabled client side since 7.0[1] (2015-08-11), server side since 7.7[2][3] (2018-04-02), default DSA host key generation has been disabled since 9.1[4] (2022-10-04) and with 9.8[5] (2024-07-01) DSA support is disabled by default at compile time. In other words, DSA has de facto been disabled (by default) for years. From the 9.8 release notes[5]: "OpenSSH plans to remove support for the DSA signature algorithm in early 2025" The DSA host keys have been removed on our servers by running[6]: ansible all -a "rm /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub" [1] https://www.openssh.com/txt/release-7.0 [2] https://bugzilla.mindrot.org/show_bug.cgi?id=2662 [3] https://github.com/openssh/openssh-portable/commit/88c50a5ae20902715f0fca306bb9c38514f71679 [4] https://www.openssh.com/txt/release-9.1 [5] https://www.openssh.com/txt/release-9.8 [6] #596 (comment 203938) Fix #596
Loading