[Pkg-ganeti-devel] [ganeti] 08/12: d/NEWS: document new SSH key type support
Apollon Oikonomopoulos
apoikos at moszumanska.debian.org
Tue Jun 27 08:23:43 UTC 2017
This is an automated email from the git hooks/post-receive script.
apoikos pushed a commit to branch master
in repository ganeti.
commit aa4e72a5e0b5028a279f1c4ba5f0ecf2fe523e2e
Author: Apollon Oikonomopoulos <apoikos at debian.org>
Date: Thu May 25 12:04:45 2017 +0300
d/NEWS: document new SSH key type support
---
debian/NEWS | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/debian/NEWS b/debian/NEWS
index 41de980..009af5e 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,23 @@
+ganeti (2.15.2-8) unstable; urgency=medium
+
+ This version introduces support for non-DSA SSH keys. Previously, Ganeti
+ relied exclusively on DSA SSH keys for intra-cluster SSH as a hardcoded
+ default. However, DSA keys are regarded as weak and are no longer accepted
+ by sshd since openssh 7.1, leading to cumbersome Ganeti cluster setups. This
+ version adds support for specifying additional key types (RSA and ECDSA), as
+ well as key length.
+
+ The default for newly-created clusters is to use 2048-bit RSA keys. For
+ existing clusters you can switch over to RSA or ECDSA keys, using
+
+ gnt-cluster renew-crypto --new-ssh-keys --ssh-key-type=RSA --ssh-key-bits=2048
+
+ The new key type support introduces backend changes and requires that all
+ nodes run at least 2.15.2-8, so please make sure to upgrade all nodes at the
+ same time.
+
+ -- Apollon Oikonomopoulos <apoikos at debian.org> Thu, 25 May 2017 11:58:31 +0300
+
ganeti (2.15.2-1) unstable; urgency=high
ganeti-rapi is now bound to the loopback interface by default and anonymous
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ganeti/ganeti.git
More information about the Pkg-ganeti-devel
mailing list