SoylentNews

canopic jug [soylentnews.org] writes:

OpenSSH developer, Damien Miller, has announced plans to remove support for DSA keys from OpenSSH [mindrot.org] in the near future. His announcement describes the rationale, process, and proposed timeline.

The next release of OpenSSH (due around 2024/03) will make DSA optional at compile time, but still enable it by default. Users and downstream distributors of OpenSSH may use this option to explore the impact of DSA removal in their environments, or to hard-deprecate it early if they desire.

Around 2024/06, a release of OpenSSH will change this compile-time default to disable DSA. It may still be enabled by users/distributors if needed.

Finally, in the first OpenSSH release after 2025/01/01 the DSA code will be removed entirely.

In summary:

2024/01 - this announcement
2024/03 (estimated) - DSA compile-time optional, enabled by default
2024/06 (estimated) - DSA compile-time optional, *disabled* by default
2025/01 (estimated) - DSA is removed from OpenSSH

Very few will notice this change. However, for those few to whom this matters the effects are major.

Previously:
(2021) scp Will Be Replaced With sftp Soon [soylentnews.org]
(2020) SHA-1 to be Disabled in OpenSSH and libssh [soylentnews.org]
(2019) How SSH Key Shielding Works [soylentnews.org]
(2016) Upgrade Your SSH Keys [soylentnews.org]
(2014) OpenSSH No Longer has to Depend on OpenSSL [soylentnews.org]

Original Submission