diff options
-rw-r--r-- | debian/README.Debian | 28 | ||||
-rw-r--r-- | debian/changelog | 2 |
2 files changed, 2 insertions, 28 deletions
diff --git a/debian/README.Debian b/debian/README.Debian index f37cce4b0..00dfea13d 100644 --- a/debian/README.Debian +++ b/debian/README.Debian | |||
@@ -49,34 +49,6 @@ incorrect, and feel strongly enough to want to argue about it, then | |||
49 | send email to debian-ssh@lists.debian.org. I will close bug reports | 49 | send email to debian-ssh@lists.debian.org. I will close bug reports |
50 | claiming the default is incorrect. | 50 | claiming the default is incorrect. |
51 | 51 | ||
52 | SSH now uses protocol 2 by default | ||
53 | ---------------------------------- | ||
54 | |||
55 | This means all your keyfiles you used for protocol version 1 need to | ||
56 | be re-generated. The server keys are done automatically, but for RSA | ||
57 | authentication, please read the ssh-keygen manpage. | ||
58 | |||
59 | If you have an automatically generated configuration file, and decide | ||
60 | at a later stage that you do want to support protocol version 1 (not | ||
61 | recommended, but note that the ssh client shipped with Debian potato | ||
62 | only supported protocol version 1), then you need to do the following: | ||
63 | |||
64 | Change /etc/ssh/sshd_config such that: | ||
65 | Protocol 2 | ||
66 | becomes: | ||
67 | Protocol 2,1 | ||
68 | Also add the line: | ||
69 | HostKey /etc/ssh/ssh_host_key | ||
70 | |||
71 | If you do not already have an RSA1 host key in /etc/ssh/ssh_host_key, | ||
72 | you will need to generate one. To do so, run this command as root: | ||
73 | |||
74 | ssh-keygen -f /etc/ssh/ssh_host_key -N '' -t rsa1 | ||
75 | |||
76 | As of openssh-server 1:4.1p1-2, the option to support protocol version 1 | ||
77 | is no longer available via debconf. You must edit the configuration file | ||
78 | instead. | ||
79 | |||
80 | X11 Forwarding | 52 | X11 Forwarding |
81 | -------------- | 53 | -------------- |
82 | 54 | ||
diff --git a/debian/changelog b/debian/changelog index b195b6708..5dc215554 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -26,6 +26,8 @@ openssh (1:6.5p1-1) UNRELEASED; urgency=medium | |||
26 | to add such host keys should manually add 'HostKey | 26 | to add such host keys should manually add 'HostKey |
27 | /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run | 27 | /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run |
28 | 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'. | 28 | 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'. |
29 | * Drop long-obsolete "SSH now uses protocol 2 by default" section from | ||
30 | README.Debian. | ||
29 | 31 | ||
30 | -- Colin Watson <cjwatson@debian.org> Sun, 09 Feb 2014 15:52:14 +0000 | 32 | -- Colin Watson <cjwatson@debian.org> Sun, 09 Feb 2014 15:52:14 +0000 |
31 | 33 | ||