open-vault/website/content/docs/secrets/ssh
Alexander Scheel f0dc3a553f
Switch to secure signing algorithm for SSH secrets engine (#14006)
* Explicitly call out SSH algorithm_signer default

Related: #11608

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use rsa-sha2-256 as the default SSH CA hash algo

As mentioned in the OpenSSH 8.2 release notes, OpenSSH will no longer be
accepting ssh-rsa signatures by default as these use the insecure SHA-1
algorithm.

For roles in which an explicit signature type wasn't specified, we
should change the default from SHA-1 to SHA-256 for security and
compatibility with modern OpenSSH releases.

See also: https://www.openssh.com/txt/release-8.2

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update docs mentioning new algorithm change

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix missing parenthesis, clarify new default value

* Add to side bar

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-18 10:44:01 -05:00
..
dynamic-ssh-keys.mdx Update repository links to point to main (#14112) 2022-02-17 14:30:56 -05:00
index.mdx feat(website): migrates nav data format and updates docs pages (#11242) 2021-04-06 13:49:04 -04:00
one-time-ssh-passwords.mdx feat(website): migrates nav data format and updates docs pages (#11242) 2021-04-06 13:49:04 -04:00
signed-ssh-certificates.mdx Switch to secure signing algorithm for SSH secrets engine (#14006) 2022-02-18 10:44:01 -05:00