Colin Watson wrote: > The two remaining high-priority questions in 1:3.8p1-1 are: > > Template: ssh/encrypted_host_key_but_no_keygen I feel that this is clearly significant enough to be asked at critical priority. > Template: ssh/user_environment_tell > Type: note > _Description: Environment options on keys have been deprecated > This version of OpenSSH disables the environment option for public keys by > default, in order to avoid certain attacks (for example, LD_PRELOAD). If > you are using this option in an authorized_keys file, beware that the keys > in question will no longer work until the option is removed. > . > To re-enable this option, set "PermitUserEnvironment yes" in > /etc/ssh/sshd_config after the upgrade is complete, taking note of the > warning in the sshd_config(5) manual page. > > The first of these requires administrator action to generate a new host > key, and the second requires administrator or user action to fix > authorized_keys files. In either case the system may become inaccessible > if the upgrade is being performed remotely and the warnings are not > heeded. > > Is it really true that these shouldn't be priority high? I'm not sure about the second one. -- see shy jo
Attachment:
signature.asc
Description: Digital signature