Deprecated options when restarting openssh in Stretch













17















Today, after doing updates in Debian Stretch, it started displaying these warnings when restarting the ssh service with my current config:



/etc/ssh/sshd_config line 17: Deprecated option KeyRegenerationInterval
/etc/ssh/sshd_config line 18: Deprecated option ServerKeyBits
/etc/ssh/sshd_config line 29: Deprecated option RSAAuthentication
/etc/ssh/sshd_config line 36: Deprecated option RhostsRSAAuthentication
[....] Restarting OpenBSD Secure Shell server: sshd
/etc/ssh/sshd_config line 17: Deprecated option KeyRegenerationInterval
/etc/ssh/sshd_config line 18: Deprecated option ServerKeyBits
/etc/ssh/sshd_config line 29: Deprecated option RSAAuthentication
/etc/ssh/sshd_config line 36: Deprecated option RhostsRSAAuthentication


What is happening here?



Using Debian 9 with OpenSSH 7.4










asked Jan 16 '17 at 14:21, edited Jan 2 at 15:54 – Rui F Ribeiro




















          2 Answers
          21







          In the current Stretch update, the openssh version changed from 7.3 to 7.4, released on 2016-Dec-19.

          As can be inferred from the release notes, and from @Jakuje's comments, the OpenSSH maintainers have removed the corresponding configuration options for good, as they are obsolete.

          So the lines can be safely removed.

          Also, take heed of:

          Future deprecation notice

          We plan on retiring more legacy cryptography in future releases,
          specifically:

          • In approximately August 2017, removing remaining support for the
            SSH v.1 protocol (client-only and currently compile-time disabled).

          • In the same release, removing support for Blowfish and RC4 ciphers
            and the RIPE-MD160 HMAC. (These are currently run-time disabled).

          • Refusing all RSA keys smaller than 1024 bits (the current minimum
            is 768 bits)

          • The next release of OpenSSH will remove support for running sshd(8)
            with privilege separation disabled.

          • The next release of portable OpenSSH will remove support for
            OpenSSL version prior to 1.0.1.







          answered Jan 16 '17 at 14:21, edited May 19 '17 at 3:56 – Rui F Ribeiro







          • 2
            Nope. This functionality has been gone for a few versions. Now they only removed the configuration options (because they didn't have any effect on SSH2). The problem is that you have a configuration file not shipped by your distribution for some time (containing these options).
            – Jakuje, Jan 16 '17 at 15:50

          • @Jakuje Interesting, I really did not pay attention to the client-only remark in the release notes until now.
            – Rui F Ribeiro, Jan 16 '17 at 15:59













          17







          You can remove deprecated configuration lines with this:



          sed -i '/KeyRegenerationInterval/d' /etc/ssh/sshd_config
          sed -i '/ServerKeyBits/d' /etc/ssh/sshd_config
          sed -i '/RSAAuthentication/d' /etc/ssh/sshd_config
          sed -i '/RhostsRSAAuthentication/d' /etc/ssh/sshd_config
          sed -i '/UsePrivilegeSeparation/d' /etc/ssh/sshd_config


          And restart SSH daemon: systemctl restart sshd






          answered May 31 '17 at 12:25, edited Aug 3 '18 at 19:44 – Xdg







          • 3
            Hi, congratulations on your first post. While your answer is technically correct, the question is more concerned with the whys than how to do it.
            – Rui F Ribeiro, May 31 '17 at 13:42

          • 1
            Yeah, you're right, thanks for pointing out.
            – Xdg, May 31 '17 at 15:13
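
A more conservative variant of the cleanup in the second answer, as an added example that is not part of the original posts: it compares only the directive keyword (case-insensitively, leaving comments untouched) and checks the candidate file with `sshd -t` before it replaces the live config. The function names and the sample config are constructed for illustration; the keyword list is the one from the warnings and sed commands above.

```shell
#!/bin/sh
# Added example: remove directives that OpenSSH 7.4+ reports as deprecated.
# Keywords come from the warnings and sed commands quoted on this page.
DEPRECATED='KeyRegenerationInterval ServerKeyBits RSAAuthentication RhostsRSAAuthentication UsePrivilegeSeparation'

# scan MODE FILE
#   list  -> print "LINENO: Keyword" for every active deprecated directive
#   strip -> print the file without those directives (comments are kept)
# Only the first word of a line is compared, case-insensitively, because
# sshd_config keywords are case-insensitive and the parser also accepts
# the "Keyword=value" form.
scan() {
    awk -v words="$DEPRECATED" -v mode="$1" '
        BEGIN {
            n = split(tolower(words), w, " ")
            for (i = 1; i <= n; i++) dep[w[i]] = 1
        }
        {
            k = $1
            sub(/=.*/, "", k)
            lk = tolower(k)
            hit = (lk in dep)
            if (mode == "list" && hit) print NR ": " k
            if (mode == "strip" && !hit) print
        }
    ' "$2"
}

# sample_config: constructed input, not the asker's real file.
sample_config() {
    cat <<'EOF'
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
PermitRootLogin no
rsaauthentication yes
PubkeyAuthentication yes
RhostsRSAAuthentication=no
# RSAAuthentication was an SSH v1 option
EOF
}

# apply_cleanup FILE: validate the candidate with "sshd -t", back up, install.
apply_cleanup() {
    cfg=$1
    tmp=$(mktemp) || return 1
    scan strip "$cfg" > "$tmp"
    # A config that fails to parse can lock you out of a remote host,
    # so test it before it replaces the live file.
    if ! sshd -t -f "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    # cat into the existing file so its owner and mode stay unchanged.
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# With a path argument, clean that file; with none, list hits in the sample.
if [ "$#" -gt 0 ]; then
    scan list "$1"
    apply_cleanup "$1"
else
    demo=$(mktemp)
    sample_config > "$demo"
    scan list "$demo"
    rm -f "$demo"
fi
```

On the sample, the unanchored, case-sensitive sed patterns would also delete the trailing comment and would miss the lowercase `rsaauthentication` line; this version keeps the former and removes the latter.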











