Timeline to Remove DSA Support from OpenSSH
canopic jug writes:
OpenSSH developer, Damien Miller, has announced plans to remove support for DSA keys from OpenSSH in the near future. His announcement describes the rationale, process, and proposed timeline.
The next release of OpenSSH (due around 2024/03) will make DSAoptional at compile time, but still enable it by default. Users anddownstream distributors of OpenSSH may use this option to explore theimpact of DSA removal in their environments, or to hard-deprecate itearly if they desire.
Around 2024/06, a release of OpenSSH will change this compile-timedefault to disable DSA. It may still be enabled by users/distributorsif needed.
Finally, in the first OpenSSH release after 2025/01/01 the DSA codewill be removed entirely.
In summary:
2024/01 - this announcement
2024/03 (estimated) - DSA compile-time optional, enabled by default
2024/06 (estimated) - DSA compile-time optional, *disabled* by default
2025/01 (estimated) - DSA is removed from OpenSSH
Very few will notice this change. However, for those few to whom this matters the effects are major.
Previously:
(2021) scp Will Be Replaced With sftp Soon
(2020) SHA-1 to be Disabled in OpenSSH and libssh
(2019) How SSH Key Shielding Works
(2016) Upgrade Your SSH Keys
(2014) OpenSSH No Longer has to Depend on OpenSSL
Read more of this story at SoylentNews.