Bug 1285374

Summary: F23 release notes don't mention that OpenSSH 7.0 disabled ssh-dss public keys by default
Product: [Fedora] Fedora Documentation Reporter: Michael Stahl <mstahl>
Component: release-notesAssignee: Release Notes Tracker <relnotes>
Status: CLOSED EOL QA Contact: Fedora Docs QA <docs-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: develCC: jjelen, relnotes, wb8rcr, zach
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-11-07 15:30:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 151189    

Description Michael Stahl 2015-11-25 13:46:38 UTC 
Fedora 22 to Fedora 23 upgrades OpenSSH from 6.9 to 7.1, but the release notes only mention 7.1 and don't mention the default configuration changes that happened in 7.0, such as the disabling of ssh-dss public keys that may prevent a login to/from upgraded systems without explicit command line parameters.

https://docs.fedoraproject.org/en-US/Fedora/23/html/Release_Notes/sect-Release_Notes-Changes_for_Sysadmin.html

Actual results:

it only links to 7.1 release notes.

"3.4.2. OpenSSH 7.1
The OpenSSH project continues to improve the security of network communication with the release of OpenSSH 7.1. See the upstream release notes for detailed information about this release."

Expected results:

there should be at least a link to the OpenSSH 7.0 release notes too;
possibly explicitly mentioning the disabling of public keys.

http://www.openssh.com/txt/release-7.0

"Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. To temporarily enable existing host keys, use the command line option '-oHostKeyAlgorithms=ssh-dss' and to enable existing user keys, use '-oPubkeyAcceptedKeyTypes=ssh-dss'."
Comment 1 Jakub Jelen 2015-11-25 13:57:21 UTC 
Just adding, there should be also summed up content of the heads up email on devel, mentioning ssh1 support [1]. I tried to reach you before release, according to [2], but without any success.

If you have further queries, feel free to reach for me here on IRC. This should be probably updated early so others updating will not get into troubles as Michael.

Thank you.

[1] https://lists.fedoraproject.org/pipermail/devel/2015-August/213362.html
[2] https://fedoraproject.org/wiki/Release_notes_process
Comment 2 Petr Bokoc 2019-11-07 15:30:24 UTC 
I'm closing this bug as part of a Bugzilla cleanup effort. The most likely reason is that the bug has been opened either against a component we no longer publish, or against Release Notes for an EOL release.