[Pkg-ganeti-devel] [ganeti] 08/12: d/NEWS: document new SSH key type support

[Apollon Oikonomopoulos]

This is an automated email from the git hooks/post-receive script.

apoikos pushed a commit to branch master
in repository ganeti.

commit aa4e72a5e0b5028a279f1c4ba5f0ecf2fe523e2e
Author: Apollon Oikonomopoulos <apoikos at debian.org>
Date:   Thu May 25 12:04:45 2017 +0300

    d/NEWS: document new SSH key type support
---
 debian/NEWS | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/debian/NEWS b/debian/NEWS
index 41de980..009af5e 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,23 @@
+ganeti (2.15.2-8) unstable; urgency=medium
+
+  This version introduces support for non-DSA SSH keys. Previously, Ganeti
+  relied exclusively on DSA SSH keys for intra-cluster SSH as a hardcoded
+  default. However, DSA keys are regarded as weak and are no longer accepted
+  by sshd since openssh 7.1, leading to cumbersome Ganeti cluster setups. This
+  version adds support for specifying additional key types (RSA and ECDSA), as
+  well as key length.
+
+  The default for newly-created clusters is to use 2048-bit RSA keys. For
+  existing clusters you can switch over to RSA or ECDSA keys, using
+
+  gnt-cluster renew-crypto --new-ssh-keys --ssh-key-type=RSA --ssh-key-bits=2048
+
+  The new key type support introduces backend changes and requires that all
+  nodes run at least 2.15.2-8, so please make sure to upgrade all nodes at the
+  same time.
+
+ -- Apollon Oikonomopoulos <apoikos at debian.org>  Thu, 25 May 2017 11:58:31 +0300
+
 ganeti (2.15.2-1) unstable; urgency=high
 
   ganeti-rapi is now bound to the loopback interface by default and anonymous

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ganeti/ganeti.git