diff options
author | Jeff Forcier <jeff@bitprophet.org> | 2021-12-23 15:13:54 -0500 |
---|---|---|
committer | Jeff Forcier <jeff@bitprophet.org> | 2021-12-23 15:58:54 -0500 |
commit | 2b66625659e66858cb5f557325c5fdd9c35fd073 (patch) | |
tree | 7760ef34e6a5f1727741f31ef57c524f30a3a308 /sites/www/changelog.rst | |
parent | 363a28d94cada17f012c1604a3c99c71a2bda003 (diff) |
Add agent RSA-SHA2 support, also tweak changelog w/ more tickets
Diffstat (limited to 'sites/www/changelog.rst')
-rw-r--r-- | sites/www/changelog.rst | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 016a5ac9..a519d333 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,10 +2,11 @@ Changelog ========= -- :feature:`1643` Add support for SHA-2 variants of RSA key verification - algorithms (as described in :rfc:`8332`) as well as limited SSH extension - negotiation (:rfc:`8308`). How SSH servers/clients decide when and how to use - this functionality can be complicated; Paramiko's support is as follows: +- :feature:`1643` (also :issue:`1925`, :issue:`1644`, :issue:`1326`) Add + support for SHA-2 variants of RSA key verification algorithms (as described + in :rfc:`8332`) as well as limited SSH extension negotiation (:rfc:`8308`). + How SSH servers/clients decide when and how to use this functionality can be + complicated; Paramiko's support is as follows: - Client verification of server host key during key exchange will now prefer ``rsa-sha2-512``, ``rsa-sha2-256``, and legacy ``ssh-rsa`` algorithms, in @@ -35,6 +36,9 @@ Changelog supported by both ends is used, or if there is none, it falls back to the previous behavior. + - SSH agent support grew the ability to specify algorithm flags when + requesting private key signatures; this is now used to forward SHA2 + algorithms when appropriate. - Server mode is now capable of pubkey auth involving SHA-2 signatures from clients, provided one's server implementation actually provides for doing so. |