Upgraded SHA-1 key signatures from warnings to failures. Added deprecation warning to ssh-rsa-cert-v00@openssh.com, ssh-rsa-cert-v01@openssh.com, x509v3-sign-rsa, and x509v3-ssh-rsa host key types.

2025-06-25 03:54:31 +02:00 · 2021-02-01 19:19:46 -05:00
parent dbe14a075e
commit c49a0fb22f
12 changed files with 40 additions and 17 deletions
--- a/test/docker/expected_results/openssh_5.6p1_test4.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test4.txt
@ -35,9 +35,11 @@
 [0;36m# host-key algorithms[0m
 [0;31m(key) ssh-rsa (3072-bit)                    -- [fail] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+                                            `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 [0;31m(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit CA) -- [fail] using weak hashing algorithm[0m
-[0;33m                                                               `- [warn] using small 1024-bit modulus[0m
+[0;31m                                                               `- [fail] using small 1024-bit modulus[0m
                                                               `- [info] available since OpenSSH 5.6
+                                                               `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2

 [0;36m# encryption algorithms (ciphers)[0m
 [0;32m(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52[0m