Call for testing: Last bits of DSA to be removed from OpenSSH

Contributed by Peter N. M. Hansteen on 2025-05-05 from the dump da DSA dah dept.

In a message to tech@ with the subject "die DSA die", Damien Miller (djm@) presents a diff that will remove the last bits of DSA support from OpenSSH:

List:       openbsd-tech
Subject:    die DSA die
From:       Damien Miller <djm () mindrot ! org>
Date:       2025-05-05 6:34:15

This finally removes all the remaining bits of DSA support from
OpenSSH and fixes up the regress tests that I could run.

I'm not set up to run the ssh.com interop tests so it's possible
they are broken by this.

ok?

Index: usr.bin/ssh/authfd.c
[ … ]

followed by the diff that implements the change.

(An earlier Undeadly article provides some background on DSA removal.)

Note that Damien asks for testing help here -- if you are able to help testing this change before it goes in for real, please do!

Latest Articles

Tue, May 06
- 05:42 Call for testing: Last bits of DSA to be removed from OpenSSH (0)
- 04:46 ssh: listener sockets relocated from /tmp to ~/.ssh/agent (0)
- 01:21 The installer now prefers disks over 1GB (0)
Fri, May 02
- 06:00 Call for testing and comment: Make the installer prefer >1G disks (0)
Wed, Apr 30
- 18:44 Call for Testing: Parallel fault handler (0)
- 11:21 LibreSSL 4.1.0 released (0)
Tue, Apr 29
- 06:36 In -current, pkg_add -u no longer advises file removal (0)
Mon, Apr 28
- 08:40 MP-safe tcp_input() committed (0)
Sun, Apr 27
- 18:30 OpenBSD 7.7 Released (2)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]