1 files changed, 12 insertions, 0 deletions
diff --git a/UPGRADING b/UPGRADING
index b1c0b9da3..f9732cf53 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -33,3 +33,15 @@ Commercial SSH controlled logging using the "QuietMode" and
 logging options "SyslogFacility" and "LogLevel". See the sshd manual
 page for details.
+4. Warning messages about key lengths
+Commercial SSH's ssh-keygen program contained a bug which caused it to
+occasionally generate RSA keys which had their Most Significant Bit
+(MSB) unset. Such keys were advertised as being full-length, but are
+actually only half as secure.
+OpenSSH will print warning messages when it encounters such keys. To
+rid yourself of these message, edit you known_hosts files and replace
+the incorrect key length (usually "1024") with the correct key length
+(usually "1023").

diff --git a/UPGRADING b/UPGRADING index b1c0b9da3..f9732cf53 100644 --- a/UPGRADING +++ b/UPGRADING
@@ -33,3 +33,15 @@ Commercial SSH controlled logging using the "QuietMode" and
33	logging options "SyslogFacility" and "LogLevel". See the sshd manual	33	logging options "SyslogFacility" and "LogLevel". See the sshd manual
34	page for details.	34	page for details.
35		35
		36	4. Warning messages about key lengths
		37
		38	Commercial SSH's ssh-keygen program contained a bug which caused it to
		39	occasionally generate RSA keys which had their Most Significant Bit
		40	(MSB) unset. Such keys were advertised as being full-length, but are
		41	actually only half as secure.
		42
		43	OpenSSH will print warning messages when it encounters such keys. To
		44	rid yourself of these message, edit you known_hosts files and replace
		45	the incorrect key length (usually "1024") with the correct key length
		46	(usually "1023").
		47