[MacPorts] #70319: openssh @9.8p1 broke some key types

Sun Jul 14 19:29:02 UTC 2024

#70319: openssh @9.8p1 broke some key types
------------------------+----------------------
  Reporter:  fhgwright  |      Owner:  artkiver
      Type:  defect     |     Status:  assigned
  Priority:  Normal     |  Milestone:
 Component:  ports      |    Version:  2.9.3
Resolution:             |   Keywords:
      Port:  openssh    |
------------------------+----------------------

Comment (by danielluke):

 Replying to [comment:18 drosehn]:
 > I'm afraid I'm another one who was blindsided by the change to `openssh`
 .

 "blindsided" by forgetting that you made a config change in 2015 where the
 instructions warned you that this day was coming but you didn't migrate to
 some other key type...

 > As near as I can tell, it is not possible to install the older version.

 https://trac.macports.org/wiki/howto/InstallingOlderPort

 > Am I just stuck?  I understand that everyone involved is trying to "Do
 the Right Thing", but it leaves me with many servers that I cannot access.
 I know there are ways I can get around this by bouncing through other
 servers of mine, but that's going to get pretty painful.

 Using jump servers is super-easy to do with ssh, and it's probably what
 I'd set up anyway if I had old hardware that I couldn't update (especially
 since that hardware should be as segmented from the 'regular' internet as
 possible anyway as it's woefully out of date and clearly isn't receiving
 security updates any longer).

 If you /can/ run newer openssh on your old machines, you should do so. If
 you install Openssh from 2016 (version 7.2) or newer instead of relying on
 openssh from 2015 or older, you can use RSA keys which are still
 supported.

-- 
Ticket URL: <https://trac.macports.org/ticket/70319#comment:21>
MacPorts <https://www.macports.org/>
Ports system for macOS