Add a deprecation warning for SSH DSA keys
Closed, DuplicatePublic
Actions

Assigned To

Authored By

	dmbaturin
	Aug 11 2025, 11:21 AM

Description

Debian Trixie includes OpenSSH 9.8 that has completely removed support for the old and insecure DSA keys (see https://www.debian.org/releases/trixie/release-notes/issues.en.html#openssh-no-longer-supports-dsa-keys).

VyOS 1.6 will almost certainly be based on Trixie and unable to support those, so we should add a deprecation warning to currently supported releases to let people know they need to update their keys.

Since people hardly add new DSA keys, we may want to show a warning on login if the user has DSA keys rather than just a commit warning.

Details

Version: -
Is it a breaking change?: Perfectly compatible
Issue type: Functionality deprecation

Related Objects

Mentioned Here: T7839: Add a deprecation warning for ssh-dss keys

Event Timeline

dmbaturin created this task.Aug 11 2025, 11:21 AM

pasik subscribed.Aug 11 2025, 11:24 AM

Seems duplicate of https://vyos.dev/T7839

Viacheslav closed this task as Resolved.Sep 24 2025, 11:57 PM

Viacheslav claimed this task.

Viacheslav merged a task: T7839: Add a deprecation warning for ssh-dss keys.

Viacheslav moved this task from Need Triage to Completed on the VyOS Rolling board.

Viacheslav moved this task from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q3) board.

Viacheslav moved this task from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.4) board.

Viacheslav added subscribers: c-po, sarthurdev, yun.

dmbaturin closed this task as a duplicate of T7839: Add a deprecation warning for ssh-dss keys.Oct 28 2025, 2:40 PM

dmbaturin removed a project: VyOS 1.4 Sagitta (1.4.4).Wed, Nov 19, 2:21 PM

Add a deprecation warning for SSH DSA keysClosed, DuplicatePublicActions

Description

Details

Related Objects

Event Timeline

Add a deprecation warning for SSH DSA keys
Closed, DuplicatePublic
Actions