Marcus Adams<p><a href="https://mastodon.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSH</span></a> in Trixie is being upgraded, which does two important things.</p><p>1) It adds a hybrid post quantum key exchange (screenshot of a verbose login to my server attached).</p><p>2) It disables DSA keys entirely. As in, you can't even manually enable them. They've been disabled "by default" for years, but now they're just straight up removed. If you need to log into an old machine with a DSA key, there is now a separate openssh-client-ssh1 package and ssh1 command.</p><p><a href="https://www.debian.org/releases/trixie/release-notes/issues.en.html#openssh-no-longer-supports-dsa-keys" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">debian.org/releases/trixie/rel</span><span class="invisible">ease-notes/issues.en.html#openssh-no-longer-supports-dsa-keys</span></a></p>