f0dc3a553f
* Explicitly call out SSH algorithm_signer default Related: #11608 Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Use rsa-sha2-256 as the default SSH CA hash algo As mentioned in the OpenSSH 8.2 release notes, OpenSSH will no longer be accepting ssh-rsa signatures by default as these use the insecure SHA-1 algorithm. For roles in which an explicit signature type wasn't specified, we should change the default from SHA-1 to SHA-256 for security and compatibility with modern OpenSSH releases. See also: https://www.openssh.com/txt/release-8.2 Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Update docs mentioning new algorithm change Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog entry Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Fix missing parenthesis, clarify new default value * Add to side bar Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> |
||
---|---|---|
.. | ||
dynamic-ssh-keys.mdx | ||
index.mdx | ||
one-time-ssh-passwords.mdx | ||
signed-ssh-certificates.mdx |