upstream: After years of forewarning, disable the RSA/SHA-1

signature algorithm by default. It is feasible to create colliding SHA1
hashes, so we need to deprecate its use.

RSA/SHA-256/512 remains available and will be transparently selected
instead of RSA/SHA1 for most SSH servers released in the last five+
years. There is no need to regenerate RSA keys.

The use of RSA/SHA1 can be re-enabled by adding "ssh-rsa" to the
PubkeyAcceptedAlgorithms directives on the client and server.

ok dtucker deraadt

OpenBSD-Commit-ID: 189bcc4789c7254e09e23734bdd5def8354ff1d5
This commit is contained in:
djm@openbsd.org 2021-08-29 23:53:10 +00:00 committed by Damien Miller
parent 56c4455d3b
commit 2344750250
1 changed files with 2 additions and 4 deletions

View File

@ -1,4 +1,4 @@
/* $OpenBSD: myproposal.h,v 1.68 2020/10/03 04:15:06 djm Exp $ */ /* $OpenBSD: myproposal.h,v 1.69 2021/08/29 23:53:10 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -46,7 +46,6 @@
"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \
"rsa-sha2-512-cert-v01@openssh.com," \ "rsa-sha2-512-cert-v01@openssh.com," \
"rsa-sha2-256-cert-v01@openssh.com," \ "rsa-sha2-256-cert-v01@openssh.com," \
"ssh-rsa-cert-v01@openssh.com," \
"ssh-ed25519," \ "ssh-ed25519," \
"ecdsa-sha2-nistp256," \ "ecdsa-sha2-nistp256," \
"ecdsa-sha2-nistp384," \ "ecdsa-sha2-nistp384," \
@ -54,8 +53,7 @@
"sk-ssh-ed25519@openssh.com," \ "sk-ssh-ed25519@openssh.com," \
"sk-ecdsa-sha2-nistp256@openssh.com," \ "sk-ecdsa-sha2-nistp256@openssh.com," \
"rsa-sha2-512," \ "rsa-sha2-512," \
"rsa-sha2-256," \ "rsa-sha2-256"
"ssh-rsa"
#define KEX_SERVER_ENCRYPT \ #define KEX_SERVER_ENCRYPT \
"chacha20-poly1305@openssh.com," \ "chacha20-poly1305@openssh.com," \