Upgraded SHA-1 key signatures from warnings to failures. Added deprecation warning to ssh-rsa-cert-v00@openssh.com, ssh-rsa-cert-v01@openssh.com, x509v3-sign-rsa, and x509v3-ssh-rsa host key types.

2025-06-25 03:54:31 +02:00 · 2021-02-01 19:19:46 -05:00
parent dbe14a075e
commit c49a0fb22f
12 changed files with 40 additions and 17 deletions
--- a/test/docker/expected_results/openssh_5.6p1_test1.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test1.txt
@ -34,8 +34,9 @@

 [0;36m# host-key algorithms[0m
 [0;31m(key) ssh-rsa (1024-bit)                    -- [fail] using weak hashing algorithm[0m
-[0;33m                                            `- [warn] using small 1024-bit modulus[0m
+[0;31m                                            `- [fail] using small 1024-bit modulus[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+                                            `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 [0;31m(key) ssh-dss                               -- [fail] using small 1024-bit modulus[0m
 [0;31m                                            `- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm[0m
 [0;33m                                            `- [warn] using weak random number generator could reveal the key[0m