From 1c29bd783fd662f414c85a11894a8b7cf7e17234 Mon Sep 17 00:00:00 2001 From: Harald Pfeiffer Date: Sun, 17 Jul 2022 15:55:39 +0200 Subject: +par ssh key generation --- .ssh/config.d/0000-all.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.ssh/config.d/0000-all.conf b/.ssh/config.d/0000-all.conf index b19eca4..df13d7c 100644 --- a/.ssh/config.d/0000-all.conf +++ b/.ssh/config.d/0000-all.conf @@ -20,6 +20,9 @@ ControlPath /run/user/%i/ssh/cm-%r@%h:%p # often prone to vulnerabilities due to slow upgrading), you can re-enable this and you SHOULD do # this ONLY for specific hosts. (Yes, this ofc also affects clients - which it did on an Arch Linux here.) # Also see https://www.openssh.com/txt/release-8.2 +# In any case you should check whether your device understands rsa-sha2-* signature algorithms. While +# testing this, I found out that "ssh-keygen -trsa" made my keys SHA-1 so far – you might want to change +# that to "-t rsa-sha2-256" or whatever and check whether you can still connect to the RSA requiring hosts. # If you have a proper naming convention for your devices, you can still easily wildcard this. If you # don't, you either don't have many devices or you moronically did not think device names through. ;-) # Host sophos* *-mik-* -- cgit v1.2.3