Upgraded SHA-1 key signatures from warnings to failures. Added deprecation warning to ssh-rsa-cert-v00@openssh.com, ssh-rsa-cert-v01@openssh.com, x509v3-sign-rsa, and x509v3-ssh-rsa host key types.

2025-06-25 12:04:32 +02:00 · 2021-02-01 19:19:46 -05:00
parent dbe14a075e
commit c49a0fb22f
12 changed files with 40 additions and 17 deletions
--- a/test/docker/expected_results/openssh_8.0p1_test1.txt
+++ b/test/docker/expected_results/openssh_8.0p1_test1.txt
@ -25,6 +25,7 @@
 [0;32m(key) rsa-sha2-256 (3072-bit)               -- [info] available since OpenSSH 7.2[0m
 [0;31m(key) ssh-rsa (3072-bit)                    -- [fail] using weak hashing algorithm[0m
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
+                                            `- [info] a future deprecation notice has been issued in OpenSSH 8.2: https://www.openssh.com/txt/release-8.2
 [0;31m(key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves[0m
 [0;33m                                            `- [warn] using weak random number generator could reveal the key[0m
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62