OpenSSH disabled RSA signatures using SHA-1 hashes. See release notes
Potentially-incompatible changes
This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]
If your hosting provider still uses the old server keys, the sftp connection cannot be established.
The process fails with mirror: Fatal error: max-retries exceeded
The new parameter PLUGIN_SSH_ACCEPT_RSA changes the configuration of SSH to accept RSA keys with SHA-1 hashes.
cschlosser
commented
2 years ago
OpenSSH disabled RSA signatures using SHA-1 hashes. See release notes
If your hosting provider still uses the old server keys, the sftp connection cannot be established. The process fails with
mirror: Fatal error: max-retries exceededThe new parameter PLUGIN_SSH_ACCEPT_RSA changes the configuration of SSH to accept RSA keys with SHA-1 hashes.