fedora-docs / release-notes

Clone
Source Code
GIT

#32 Change: OpenSSH Server Crypto Policy
Closed 6 years ago Opened 6 years ago by bex.

Closed
Reopen Issue

This issue tracks the release note for the following Fedora Change:

https://fedoraproject.org/wiki/Changes/OpenSSH_Server_Crypto_Policy - @jjelen

If you own this change, please add additional information here that we should communicate to Fedora users. Specifically, please consider:

  • New features available because of this change - pick 2 or 3 that are important
  • Considerations for users of previous releases of Fedora (upgrade issues, format changes, etc.)
  • Links to any upstream Release Notes
  • If this helps Fedora be a superior environment for our target audiences, please explain how so that we can emphasize this.

Your notes to us do not need to be formally written. We will edit them and add details as needed. This is a way for you to ensure that we know what is critical about your change.

If you want to write this release note, then:

  • Assign this issue to yourself
  • Check the wiki page linked above, find out what the change is about
  • Determine whether the change actually made it into the release or not[0]
  • Write a draft release note using that information against the correct branch here, in Pagure. (or see below)
  • Get in touch with the contact person/people listed on the wiki page, either through IRC or e-mail, and ask them to check your draft for technical accuracy
  • Submit your Release Note as a PR to this repository.

Once you're done with the above, make sure to either commit the relnote to an appropriate section of the Release Notes book, or, if you're not familiar with Git, AsciiDoc, or whatever else, just add it to this issue as a comment and let pbokoc[1] know that you're done with this one and you'd like the note included. Be sure to do this at least one day before the final release (October 29 according to the current schedule). Also make sure to do this even for relnotes that haven't been checked by the change owner.

[0] You can do that by asking the change owner listed on the wiki page; alternatively you can infer it by checking the tracker bug (linked in Wiki) in Bugzilla and looking at its status; see bug comments for details. Ask someone on the mailing list or on IRC if you're not sure.
[1] In #fedora-docs on FreeNode (UTC+1 timezone, online mostly during the day on weekdays), or pbokoc @redhat.com if you can't get a hold of me on IRC.

Metadata Update from @rkratky:
- Issue assigned to rkratky
6 years ago

@jjelen, could you please have a look at the following text for this RN:

OpenSSH Server now follows system-wide crypto policies

Fedora defines system-wide crypto policies, which are followed by cryptographic libraries and tools, including OpenSSH clients. This allows administrators to use different system-wide security levels. With this update, OpenSSH Server adheres to these system-wide crypto policies, too.

This modification is implemented using a script, which places configuration generated according to currently defined crypto policies into the OpenSSH Server's configuration file. The script is executed by systemd when the sshd service is started. It is, therefore, necessary to restart the sshd service for changes to crypto-policy configuration to take effect.

Sorry for a confusion. This got changed and I forgot to make sure it was up to date in all the places of the wiki. So the last paragraph does not apply anymore. It should say something like this:

The modification adds environment variables that are passed to sshd daemon on commandline specifying enabled algorithms. It is, therefore, necessary to restart the sshd service for changes to crypto-policy configuration to take effect.

Thanks, I updated the text.

Metadata Update from @rkratky:
- Issue status updated to: Closed (was: Open)
6 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.