[MacPorts] #70319: openssh @9.8p1 broke some key types
MacPorts
noreply at macports.org
Mon Jul 8 02:13:09 UTC 2024
#70319: openssh @9.8p1 broke some key types
------------------------+----------------------
Reporter: fhgwright | Owner: artkiver
Type: defect | Status: assigned
Priority: High | Milestone:
Component: ports | Version: 2.9.3
Resolution: | Keywords:
Port: openssh |
------------------------+----------------------
Comment (by danielluke):
Replying to [comment:10 fhgwright]:
> OK, but that just means that a long-forgotten config-file tweak that was
> made out of necessity years ago has been rendered inoperative with no
> notice.
In order to make the config tweak, you had to read the notice (from
upstream).
> BTW, claims about OpenSSH 7 and 2015 are wrong, at least in the MacPorts
> context. The `openssh` port didn't start requiring the config tweak until
> 8.8p1, issued in Oct-2021. And oddly enough, I don't see anything in the
> port diffs from 8.4p1 to 8.8p1 relating to key types.
7.0 disabled dsa (2015)
8.8 disabled ssh-rsa using sha-1 signatures (2021)
MacPorts didn't do anything to enable these and if you continued using
them you had to manually change your configuration.
> Another issue is that the old key types are necessary to interoperate
> with the Apple `sshd` in OS versions prior to 10.12.
OpenSSH since 7.2 (2016) supports ssh-rsa keys with RFC8332
RSA/SHA-256/512 signatures and upgrades existing rsa keys to use the newer
signature algorithm where possible.
> Replying to [comment:9 artkiver]:
> > If you want to create a variant that enables DSA support, you're
> > welcome to submit a PR, but I would be against it.
>
> I don't understand this comment. Are you saying that one is free to
> create, test, and submit a PR which is guaranteed to be rejected due to
> maintainer opposition?
It sounds like the maintainer doesn't like the idea and won't pursue it,
but probably would accept it.
--
Ticket URL: <https://trac.macports.org/ticket/70319#comment:11>
MacPorts <https://www.macports.org/>
Ports system for macOS
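
An added example, not part of the ticket and not MacPorts or OpenSSH code: a small Python audit that finds the manual configuration changes discussed in the message above, i.e. `ssh_config` lines that re-enable `ssh-dss` or SHA-1 `ssh-rsa` signatures. The sample config, its host names and the function name `audit_ssh_config` are constructed for illustration; `Include` files and `Match` evaluation are not handled.

```python
import re

# In algorithm lists "ssh-rsa" names the SHA-1 signature scheme, not the key
# type: RSA keys keep working through rsa-sha2-256/512 (RFC 8332).
LEGACY = {
    "ssh-dss": "DSA, disabled by default since OpenSSH 7.0",
    "ssh-rsa": "RSA with SHA-1 signatures, disabled by default since OpenSSH 8.8",
}
# ssh_config keywords that take an algorithm list (matched case-insensitively).
ALGO_KEYWORDS = {"hostkeyalgorithms", "pubkeyacceptedalgorithms",
                 "pubkeyacceptedkeytypes", "casignaturealgorithms"}
LINE_RE = re.compile(r"([^\s=]+)(?:\s*=\s*|\s+)(.*)")  # "Key value" or "Key=value"

# Constructed sample input (assumption, not taken from the ticket).
SAMPLE = """\
# constructed sample
Host old-mac
    HostKeyAlgorithms +ssh-rsa,ssh-dss
    PubkeyAcceptedKeyTypes=+ssh-rsa
Host modern
    PubkeyAcceptedAlgorithms rsa-sha2-512,ssh-ed25519
    HostKeyAlgorithms -ssh-dss
"""

def audit_ssh_config(text):
    """Return (line_no, scope, keyword, algorithm, reason) per legacy algorithm enabled."""
    findings, scope = [], "(global)"
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = LINE_RE.match(line)
        if not line or line.startswith("#") or not m:
            continue
        keyword, value = m.group(1), m.group(2).strip()
        if keyword.lower() in ("host", "match"):
            scope = f"{keyword} {value}"      # remember which block we are in
            continue
        if keyword.lower() not in ALGO_KEYWORDS or not value:
            continue
        spec = value.split()[0].strip('"')
        if spec.startswith("-"):              # "-list" removes algorithms
            continue
        for name in spec.lstrip("+^").split(","):  # "+" appends, "^" prepends
            base = name.replace("-cert-v01@openssh.com", "")  # certificate form
            if base in LEGACY:
                findings.append((line_no, scope, keyword, name, LEGACY[base]))
    return findings

if __name__ == "__main__":
    for f in audit_ssh_config(SAMPLE):
        print("line %d [%s] %s enables %s (%s)" % f)
```
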