author | Jeff Forcier <jeff@bitprophet.org> | 2022-01-08 12:16:48 -0500 |
---|---|---|
committer | Jeff Forcier <jeff@bitprophet.org> | 2022-01-08 12:16:48 -0500 |
commit | 5f222495b5a62f3a1c465292bcace15888f40515 (patch) | |
tree | 2c177c5da4f3943cba1b48ddb42843374b80a3e0 /sites | |
parent | bbefff00961125a35a5fb6a769679aa297224b45 (diff) |
Add more visible backwards compat warning re 2.9 RSA2 changes
Diffstat (limited to 'sites')
-rw-r--r-- | sites/www/changelog.rst | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 5027ed42..ef7ed367 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -11,6 +11,17 @@ Changelog - :feature:`1643` (also :issue:`1925`, :issue:`1644`, :issue:`1326`) Add support for SHA-2 variants of RSA key verification algorithms (as described in :rfc:`8332`) as well as limited SSH extension negotiation (:rfc:`8308`). + + .. warning:: + This change is slightly backwards incompatible, insofar as action is + required if your target systems do not support either RSA2 or the + ``server-sig-algs`` protocol extension. + + Specifically, you need to specify ``disabled_algorithms={'keys': + ['rsa-sha2-256', 'rsa-sha2-512']}`` in either `SSHClient + <paramiko.client.SSHClient.__init__>` or `Transport + <paramiko.transport.Transport.__init__>`. See below for details on why. + How SSH servers/clients decide when and how to use this functionality can be complicated; Paramiko's support is as follows: |
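Review bot: In the added warning, the `SSHClient <paramiko.client.SSHClient.__init__>` cross-reference targets the constructor, but for SSHClient the `disabled_algorithms` keyword is passed to `connect()`, not `__init__`; point the reference at the method that actually accepts the argument so readers land on a signature that shows it. The condition "do not support either RSA2 or the ``server-sig-algs`` protocol extension" is also ambiguous about whether lacking one or lacking both requires action, so state which case applies. Because the workaround turns off the SHA-2 RSA algorithms this entry introduces, the warning could add that it should be set only for connections to the affected targets rather than as a global default.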