
@quaresmajose quaresmajose commented Jul 25, 2024

ssh-dss was deprecated [1] in OpenSSH 9.8p1

Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at https://www.openssh.com/legacy.html

[1] https://www.openssh.com/releasenotes.html

ssh-dss was deprecated [1] in OpenSSH 9.8p1

Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
by default at run-time. These may be re-enabled using the
instructions at http://www.openssh.com/legacy.html

[1] https://www.openssh.com/releasenotes.html

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
@vszakats
Member

vszakats commented Jul 25, 2024

Sure, and this would fall over as soon as debian-testing upgrades to 9.8.
But then what to do with the CI tests that assume DSA support on the test server?

Shall we disable it by default in libssh2 and stop testing it now? Would you want to update the PR to that effect?

This was originally scheduled for September 2024, which is almost here, so doing it now probably doesn't make much difference. Also nobody ever commented on this schedule that I proposed, meaning either nobody cares, or everyone agrees, or nobody has seen it. The only issue I see is that announcement never made it into a release, for people to see it and prepare for it.

@quaresmajose
Author

This patch was mostly to fix one of the tests we run on openembedded that started regressing with the update to OpenSSH 9.8p1: openembedded/openembedded-core@1a2fef1

I believe we ran just a few of the tests available in libssh2, and it was done in a cross-compilation environment.
This is to say that I can try to fix and remove the remaining DSA support, but it would be better to do that in a follow-up step, because for that I need to better understand the libssh2 code base and test infrastructure.

@MichaelBuckley
Contributor

FWLIW, I didn't reply to the September 2024 schedule because it seemed fine to me. Dropping it earlier or later won't have any impact on the projects I work on.

@vszakats
Member

@quaresmajose I'd prefer to handle this in a single commit, to avoid a broken CI disrupting other PRs.

@vszakats
Member

An attempt to disable DSA by default: #1435

@vszakats vszakats mentioned this pull request Jul 30, 2024
@vszakats vszakats closed this in b7ab0fa Jul 30, 2024
@quaresmajose
Author

> @quaresmajose I'd prefer to handle this in a single commit, to avoid a broken CI disrupting other PRs.

@vszakats thanks for the fix
