@Andrew said:
@gduperrey The new OpenSSL/SSH blocks existing/working RSA keys from older SSH clients. While you can still use a password for SSH, it will block old keys from working, which will break things (not good for existing LTS installs). To maintain compatibility, add PubkeyAcceptedAlgorithms +ssh-rsa to /etc/ssh/sshd_config
Hi @andrew, thank you for your feedback. The fallback option you're suggesting will work, but it will downgrade the security of your system. We suggested updating clients:
"Note that older ssh-clients (with weak ciphers) will need to update, if connection is rejected."
Let me make it more explicit that older keys should also be refreshed:
    ssh-keygen # To generate new $identity_file
    ssh-copy-id \
        -i $identity_file \
        -o HostKeyAlgorithms=+ssh-rsa \
        -o PubkeyAcceptedAlgorithms=+ssh-rsa \
        $user@$host
    ssh $user@$host
Ideally this can be done before the update, but let us think about whether we have a better strategy to provide a smoother experience. Meanwhile, if anyone is curious, check:
https://www.openssh.org/releasenotes.html
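
An added example, not part of the posts above or of the project's tooling: a shell function an administrator could run before the update to list the key types in an authorized_keys file and mark RSA and DSA entries for review. The function names, the REVIEW/OK labels and the sample file are assumptions made for illustration; the key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and labels are hypothetical.

# audit_authorized_keys FILE
# Prints "<status> <keytype> <comment>" for every key in FILE.
# REVIEW marks ssh-rsa and ssh-dss entries. An RSA key can still authenticate
# when the client signs with rsa-sha2-256/512; the SHA-1 "ssh-rsa" signature
# is what newer OpenSSH disables by default.
audit_authorized_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            # Options such as from="..." or command="..." may precede the
            # key type, so look for a key type followed by a base64 blob.
            for (i = 1; i < NF; i++) {
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9-]+@openssh\.com)$/ && $(i + 1) ~ /^AAAA/) {
                    status = ($i == "ssh-rsa" || $i == "ssh-dss") ? "REVIEW" : "OK"
                    comment = (i + 2 <= NF) ? $(i + 2) : "(no-comment)"
                    print status, $i, comment
                    next
                }
            }
            print "UNPARSED", "-", "line-" NR
        }
    ' "$1"
}

# count_review FILE: number of entries marked REVIEW
count_review() {
    audit_authorized_keys "$1" | awk '$1 == "REVIEW" { n++ } END { print n + 0 }'
}

# write_sample_keys FILE: constructed sample; key blobs are placeholders
write_sample_keys() {
    cat > "$1" <<'EOF'
# constructed authorized_keys sample
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 alice@old-laptop
from="10.0.0.5",command="/usr/bin/backup run" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD9 backup@nas
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF3k carol@workstation
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAI dave@build
EOF
}

sample=$(mktemp)
write_sample_keys "$sample"
audit_authorized_keys "$sample"
rm -f "$sample"
```

Pointing the function at each account's ~/.ssh/authorized_keys shows which users to contact about regenerating keys or updating clients before the new sshd is rolled out.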