diff options
Diffstat (limited to 'nixos/doc/manual/release-notes/rl-1803.xml')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-1803.xml | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index c1fe692ceecba..b0e29182127ef 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -72,6 +72,29 @@ following incompatible changes:</para> <option>services.pgmanage</option>. </para> </listitem> + <listitem> + <para> + <emphasis role="strong"> + The OpenSSH service no longer enables support for DSA keys by default, + which could cause a system lock out. Update your keys or, unfavorably, + re-enable DSA support manually. + </emphasis> + </para> + + <para> + DSA support was + <link xlink:href="https://www.openssh.com/legacy.html">deprecated in OpenSSH 7.0</link>, + due to it being too weak. To re-enable support, add + <literal>PubkeyAcceptedKeyTypes +ssh-dss</literal> to the end of your + <option>services.openssh.extraConfig</option>. + </para> + + <para> + After updating the keys to be stronger, anyone still on a pre-17.03 + version is safe to jump to 17.03, as vetted + <link xlink:href="https://search.nix.gsc.io/?q=stateVersion">here</link>. + </para> + </listitem> </itemizedlist> </section> |