[pve-devel] [RFC container] setup: remove deprecated dsa from ssh host key generation
Daniel Kral
d.kral at proxmox.com
Wed Jun 25 11:56:31 CEST 2025
OpenSSH 10.0 removes support for the DSA signature algorithm [0], which
is the base version that will be shipped for Debian 13 trixie [1]. Since
it has been marked deprecated for some time and generating DSA
signatures with OpenSSH 10.0 will fail, remove it.
[0] https://www.openssh.com/txt/release-10.0
[1] https://www.debian.org/releases/trixie/release-notes/whats-new.en.html
Signed-off-by: Daniel Kral <d.kral at proxmox.com>
---
Sending it as a RFC as I'm unsure if there's any other repercussions
removing it here. AFAICS it seems this is the only site where we
generate DSA signatures.
src/PVE/LXC/Setup/Base.pm | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
index 6bdfb8d..dbfc775 100644
--- a/src/PVE/LXC/Setup/Base.pm
+++ b/src/PVE/LXC/Setup/Base.pm
@@ -646,7 +646,6 @@ sub ssh_host_key_types_to_generate {
return {
rsa => 'ssh_host_rsa_key',
- dsa => 'ssh_host_dsa_key',
ecdsa => 'ssh_host_ecdsa_key',
ed25519 => 'ssh_host_ed25519_key',
};
--
2.39.5
More information about the pve-devel
mailing list