Published 8 years ago by microfracture with 0 Comments
  • Notice

    Before updating and restarting sshd on a remote host, make sure you do not rely on DSA keys for connecting to it. To enumerate DSA keys granting access to a given account, use:

    grep ssh-dss ~/.ssh/authorized_keys

    If you have any, ensure you have alternative means of logging in, such as key pairs of a different type, or password authentication.

    Potentially-incompatible Changes

    • Support for the legacy SSH version 1 protocol is disabled by default at compile time.

    • Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is disabled by default at run-time. It may be re-enabled using the instructions at http://www.openssh.com/legacy.html

    • Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html

    • Support for the legacy v00 cert format has been removed.

    • The default for the sshd_config(5) PermitRootLogin option has changed from "yes" to "prohibit-password".

    • PermitRootLogin=without-password/prohibit-password now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled).
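The two "may be re-enabled" items above refer to the per-host opt-in described at http://www.openssh.com/legacy.html, which uses the "+" prefix that OpenSSH 7.0 added to its algorithm lists. The fragment below is an added example, not text from the release notes; the hostname is a placeholder. Scoping the client-side settings to a Host block keeps the weak key exchange and DSA host keys off every other connection. Two caveats worth checking on the server: the new PermitRootLogin default only applies when the directive is absent, so a distribution config that already says "PermitRootLogin yes" keeps working as before after the upgrade, and PubkeyAcceptedKeyTypes is a stopgap to buy time for replacing DSA user keys rather than a permanent setting.

```conf
# ~/.ssh/config (client): re-enable legacy algorithms for ONE host only,
# never in a global section.  legacy.example.com is a placeholder.
Host legacy.example.com
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms +ssh-dss
    PubkeyAcceptedKeyTypes +ssh-dss

# /etc/ssh/sshd_config (server): accept DSA user keys until they are replaced,
# and state the 7.0 root-login default explicitly so an old "yes" cannot linger.
PubkeyAcceptedKeyTypes +ssh-dss
PermitRootLogin prohibit-password
```

After editing sshd_config, run "sshd -t" before restarting, and keep the existing session open until a fresh login with a non-DSA key has succeeded.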

    Future deprecation notice

    We plan on retiring more legacy cryptography in the next release including:

    • Refusing all RSA keys smaller than 1024 bits (the current minimum is 768 bits)

    • Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES.

    • MD5-based HMAC algorithms will be disabled by default.

    This list reflects our current intentions, but please check the final release notes for OpenSSH 7.1 when it is released.
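The one-line grep in the Notice above answers "is there a DSA key here?" but has two gaps a practitioner usually wants closed: it matches any line containing the substring ssh-dss, including a comment field on an Ed25519 key, and it says nothing about the RSA keys that the deprecation notice says will be refused next. The script below is an added example, not code from the OpenSSH project: it parses each authorized_keys entry (skipping an options field such as command="...",no-pty), decodes the base64 blob, reads the key type from the blob itself, and reports DSA keys and certificates plus RSA moduli under the current 768-bit and the announced 1024-bit minimums. The embedded sample file is constructed for the demonstration; its moduli are synthetic numbers of chosen sizes, not real keys. Remember that this only covers one account's authorized_keys; also check authorized_keys2, any non-default AuthorizedKeysFile, and your own client-side identities (for example ~/.ssh/id_dsa), and that the remote host offers a non-DSA host key.

```python
import base64
import re
import struct

CERT_SUFFIX = "-cert-v01@openssh.com"
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-")
# One token: a run of non-blank characters in which "quoted" spans stay whole,
# so an options field like command="/path --flag",no-pty is a single token.
_TOKEN = re.compile(r'(?:"[^"]*"|[^\s"])+')


def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 length prefix + bytes)."""
    if off + 4 > len(buf):
        raise ValueError("truncated blob")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated blob")
    return buf[off:off + n], off + n


def _read_mpint_bits(buf, off):
    """Read an mpint, return its bit length (a leading 0x00 sign byte adds nothing)."""
    raw, off = _read_string(buf, off)
    return int.from_bytes(raw, "big").bit_length(), off


def key_bits(blob):
    """Return (key type, size in bits) from a decoded public-key blob.
    Certificates carry a nonce string before the key material; it is skipped."""
    ktype, off = _read_string(blob, 0)
    ktype = ktype.decode("ascii")
    base = ktype
    if ktype.endswith(CERT_SUFFIX):
        base = ktype[:-len(CERT_SUFFIX)]
        _, off = _read_string(blob, off)        # nonce
    if base == "ssh-rsa":
        _, off = _read_mpint_bits(blob, off)    # e
        bits, _ = _read_mpint_bits(blob, off)   # n: modulus size is the key size
    elif base == "ssh-dss":
        bits, _ = _read_mpint_bits(blob, off)   # p
    elif base.startswith("ecdsa-sha2-nistp"):
        bits = int(base[len("ecdsa-sha2-nistp"):])
    elif base == "ssh-ed25519":
        bits = 256
    else:
        bits = 0                                # unknown type: reported, not guessed
    return ktype, bits


def parse_line(line):
    """Return (key type, bits, comment) for one entry, None for blank/comment lines.
    The key is the token whose successor decodes to a blob naming the same type,
    so a comment that merely mentions "ssh-dss" is not mistaken for a key."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    tokens = _TOKEN.findall(stripped)
    for i, tok in enumerate(tokens[:-1]):
        if not tok.startswith(KEY_TYPE_PREFIXES):
            continue
        try:
            ktype, bits = key_bits(base64.b64decode(tokens[i + 1], validate=True))
        except (ValueError, struct.error):      # binascii.Error is a ValueError
            continue
        if ktype == tok:
            return ktype, bits, " ".join(tokens[i + 2:])
    return None


def audit(text):
    """One record per key: (line number, key type, bits, comment, findings)."""
    report = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        ktype, bits, comment = parsed
        findings = []
        if ktype.startswith("ssh-dss"):
            findings.append("ssh-dss: refused by default since OpenSSH 7.0")
        elif ktype.startswith("ssh-rsa") and bits < 768:
            findings.append("RSA %d bits: below the current 768-bit minimum" % bits)
        elif ktype.startswith("ssh-rsa") and bits < 1024:
            findings.append("RSA %d bits: below the announced 1024-bit minimum" % bits)
        report.append((lineno, ktype, bits, comment, findings))
    return report


def dss_lines(text):
    """Line numbers holding actual ssh-dss / ssh-dss-cert keys."""
    return [r[0] for r in audit(text) if r[1].startswith("ssh-dss")]


def naive_grep(text):
    """What 'grep ssh-dss' reports: every line containing the substring."""
    return [n for n, l in enumerate(text.splitlines(), 1) if "ssh-dss" in l]


def _blob(ktype, *fields):
    """Build a base64 blob for the sample: ints become mpints, bytes become strings."""
    out = bytearray()
    for f in (ktype.encode(),) + fields:
        if isinstance(f, int):
            f = f.to_bytes((f.bit_length() + 8) // 8, "big")
        out += struct.pack(">I", len(f)) + f
    return base64.b64encode(bytes(out)).decode()


# Constructed sample file: synthetic moduli of chosen sizes, not real keys.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample; these are not real keys",
    "ssh-rsa " + _blob("ssh-rsa", 65537, (1 << 2047) | 1) + " ops@build",
    'command="/usr/local/bin/backup --verbose",no-pty ssh-dss '
    + _blob("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3) + " legacy-backup",
    "ssh-ed25519 " + _blob("ssh-ed25519", bytes(32)) + " deploy (replaces old ssh-dss key)",
    "ssh-rsa " + _blob("ssh-rsa", 65537, (1 << 767) | 1) + " ancient-rsa",
    "ssh-rsa " + _blob("ssh-rsa", 65537, (1 << 511) | 1) + " really-ancient-rsa",
    "ssh-dss-cert-v01@openssh.com "
    + _blob("ssh-dss-cert-v01@openssh.com", b"nonce", (1 << 1023) | 1, 7, 2, 3) + " signed-dsa",
])

if __name__ == "__main__":
    for lineno, ktype, bits, comment, findings in audit(SAMPLE_AUTHORIZED_KEYS):
        print("line %d: %s %d bits (%s): %s" % (lineno, ktype, bits, comment,
                                                 "; ".join(findings) or "ok"))
    print("grep flags", naive_grep(SAMPLE_AUTHORIZED_KEYS), "DSA keys on", dss_lines(SAMPLE_AUTHORIZED_KEYS))
```

Point it at a real file with audit(open(path).read()). On the sample, grep reports three lines but only two hold DSA keys; the third is the Ed25519 entry whose comment mentions the key it replaced, and the two short RSA keys that grep ignores are the ones the next release will turn away.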

 
