diff options
author | jeaye <contact@jeaye.com> | 2017-11-18 15:26:05 -0800 |
---|---|---|
committer | jeaye <contact@jeaye.com> | 2017-11-18 15:35:56 -0800 |
commit | 03f7adfdd13ba04619ab6e6bdb7448894494c58e (patch) | |
tree | f79b8a3078927a6d47e1b5b092a8344960f15999 /nixos/doc | |
parent | 2a8bd9e2a11a8e69448682d8f8289ea021246354 (diff) | |
download | nixlib-03f7adfdd13ba04619ab6e6bdb7448894494c58e.tar nixlib-03f7adfdd13ba04619ab6e6bdb7448894494c58e.tar.gz nixlib-03f7adfdd13ba04619ab6e6bdb7448894494c58e.tar.bz2 nixlib-03f7adfdd13ba04619ab6e6bdb7448894494c58e.tar.lz nixlib-03f7adfdd13ba04619ab6e6bdb7448894494c58e.tar.xz nixlib-03f7adfdd13ba04619ab6e6bdb7448894494c58e.tar.zst nixlib-03f7adfdd13ba04619ab6e6bdb7448894494c58e.zip |
nixos/ssh: Update 18.03 release notes
Since ssh-dss is no longer supported by default, users relying on those keys for their login may be locked out. They should ideally use stronger keys, but adding the support for ssh-dss back in can also be done through extraConfig.
Diffstat (limited to 'nixos/doc')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1803.xml | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index c1fe692ceecb..b0e29182127e 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -72,6 +72,29 @@ following incompatible changes:</para> <option>services.pgmanage</option>. </para> </listitem> + <listitem> + <para> + <emphasis role="strong"> + The OpenSSH service no longer enables support for DSA keys by default, + which could cause a system lock out. Update your keys or, unfavorably, + re-enable DSA support manually. + </emphasis> + </para> + + <para> + DSA support was + <link xlink:href="https://www.openssh.com/legacy.html">deprecated in OpenSSH 7.0</link>, + due to it being too weak. To re-enable support, add + <literal>PubkeyAcceptedKeyTypes +ssh-dss</literal> to the end of your + <option>services.openssh.extraConfig</option>. + </para> + + <para> + After updating the keys to be stronger, anyone still on a pre-17.03 + version is safe to jump to 17.03, as vetted + <link xlink:href="https://search.nix.gsc.io/?q=stateVersion">here</link>. + </para> + </listitem> </itemizedlist> </section> |