mirror of
https://github.com/hashicorp/vault.git
synced 2026-02-20 00:13:53 -05:00
67e49339ec
* Explicitly call out SSH algorithm_signer default Related: #11608 Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Use rsa-sha2-256 as the default SSH CA hash algo As mentioned in the OpenSSH 8.2 release notes, OpenSSH will no longer be accepting ssh-rsa signatures by default as these use the insecure SHA-1 algorithm. For roles in which an explicit signature type wasn't specified, we should change the default from SHA-1 to SHA-256 for security and compatibility with modern OpenSSH releases. See also: https://www.openssh.com/txt/release-8.2 Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Update docs mentioning new algorithm change Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog entry Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Fix missing parenthesis, clarify new default value * Add to side bar Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> |
||
|---|---|---|
| .. | ||
| cmd/ssh | ||
| backend.go | ||
| backend_test.go | ||
| communicator.go | ||
| linux_install_script.go | ||
| path_config_ca.go | ||
| path_config_ca_test.go | ||
| path_config_zeroaddress.go | ||
| path_creds_create.go | ||
| path_fetch.go | ||
| path_keys.go | ||
| path_lookup.go | ||
| path_roles.go | ||
| path_sign.go | ||
| path_verify.go | ||
| secret_dynamic_key.go | ||
| secret_otp.go | ||
| util.go | ||