summaryrefslogtreecommitdiffstats
path: root/debian/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'debian/NEWS')
-rw-r--r--debian/NEWS523
1 files changed, 523 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..9afbcb2
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,523 @@
+openssh (1:9.2p1-1) unstable; urgency=medium
+
+ OpenSSH 9.2 includes a number of changes that may affect existing
+ configurations:
+
+ * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
+ controls whether the client-side ~C escape sequence that provides a
+ command-line is available. Among other things, the ~C command-line
+ could be used to add additional port-forwards at runtime.
+
+ This option defaults to "no", disabling the ~C command-line that was
+ previously enabled by default. Turning off the command-line allows
+ platforms that support sandboxing of the ssh(1) client (currently only
+ OpenBSD) to use a stricter default sandbox policy.
+
+ -- Colin Watson <cjwatson@debian.org> Wed, 08 Feb 2023 10:36:06 +0000
+
+openssh (1:9.1p1-1) unstable; urgency=medium
+
+ OpenSSH 9.1 includes a number of changes that may affect existing
+ configurations:
+
+ * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are
+ now first-match-wins to match other directives. Previously if an
+ environment variable was multiply specified the last set value would
+ have been used.
+
+ * ssh-keygen(8): ssh-keygen -A (generate all default host key types) will
+ no longer generate DSA keys, as these are insecure and have not been
+ used by default for some years.
+
+ -- Colin Watson <cjwatson@debian.org> Mon, 14 Nov 2022 16:35:59 +0000
+
+openssh (1:9.0p1-1) unstable; urgency=medium
+
+ OpenSSH 9.0 includes a number of changes that may affect existing
+ configurations:
+
+ * This release switches scp(1) from using the legacy scp/rcp protocol to
+ using the SFTP protocol by default.
+
+ Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
+ "scp host:* .") through the remote shell. This has the side effect of
+ requiring double quoting of shell meta-characters in file names
+ included on scp(1) command-lines, otherwise they could be interpreted
+ as shell commands on the remote side.
+
+ This creates one area of potential incompatibility: scp(1) when using
+ the SFTP protocol no longer requires this finicky and brittle quoting,
+ and attempts to use it may cause transfers to fail. We consider the
+ removal of the need for double-quoting shell characters in file names
+ to be a benefit and do not intend to introduce bug-compatibility for
+ legacy scp/rcp in scp(1) when using the SFTP protocol.
+
+ Another area of potential incompatibility relates to the use of remote
+ paths relative to other user's home directories, for example - "scp
+ host:~user/file /tmp". The SFTP protocol has no native way to expand a
+ ~user path. However, sftp-server(8) in OpenSSH 8.7 and later support a
+ protocol extension "expand-path@openssh.com" to support this.
+
+ In case of incompatibility, the scp(1) client may be instructed to use
+ the legacy scp/rcp using the -O flag.
+
+ -- Colin Watson <cjwatson@debian.org> Sat, 09 Apr 2022 14:14:10 +0100
+
+openssh (1:8.8p1-1) unstable; urgency=medium
+
+ OpenSSH 8.8 includes a number of changes that may affect existing
+ configurations:
+
+ * This release disables RSA signatures using the SHA-1 hash algorithm by
+ default. This change has been made as the SHA-1 hash algorithm is
+ cryptographically broken, and it is possible to create chosen-prefix
+ hash collisions for <USD$50K.
+
+ For most users, this change should be invisible and there is no need to
+ replace ssh-rsa keys. OpenSSH has supported RFC8332 RSA/SHA-256/512
+ signatures since release 7.2 and existing ssh-rsa keys will
+ automatically use the stronger algorithm where possible.
+
+ Incompatibility is more likely when connecting to older SSH
+ implementations that have not been upgraded or have not closely tracked
+ improvements in the SSH protocol. For these cases, it may be necessary
+ to selectively re-enable RSA/SHA1 to allow connection and/or user
+ authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
+ options. For example, the following stanza in ~/.ssh/config will enable
+ RSA/SHA1 for host and user authentication for a single destination
+ host:
+
+ Host old-host
+ HostkeyAlgorithms +ssh-rsa
+ PubkeyAcceptedAlgorithms +ssh-rsa
+
+ We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
+ implementations can be upgraded or reconfigured with another key type
+ (such as ECDSA or Ed25519).
+
+ -- Colin Watson <cjwatson@debian.org> Tue, 15 Feb 2022 19:20:21 +0000
+
+openssh (1:8.7p1-1) unstable; urgency=medium
+
+ OpenSSH 8.7 includes a number of changes that may affect existing
+ configurations:
+
+ * scp(1): this release changes the behaviour of remote to remote copies
+ (e.g. "scp host-a:/path host-b:") to transfer through the local host by
+ default. This was previously available via the -3 flag. This mode
+ avoids the need to expose credentials on the origin hop, avoids
+ triplicate interpretation of filenames by the shell (by the local
+ system, the copy origin and the destination) and, in conjunction with
+ the SFTP support for scp(1) mentioned below, allows use of all
+ authentication methods to the remote hosts (previously, only
+ non-interactive methods could be used). A -R flag has been added to
+ select the old behaviour.
+
+ * ssh(1)/sshd(8): both the client and server are now using a stricter
+ configuration file parser. The new parser uses more shell-like rules
+ for quotes, space and escape characters. It is also more strict in
+ rejecting configurations that include options lacking arguments.
+ Previously some options (e.g. DenyUsers) could appear on a line with no
+ subsequent arguments. This release will reject such configurations. The
+ new parser will also reject configurations with unterminated quotes and
+ multiple '=' characters after the option name.
+
+ * ssh(1): when using SSHFP DNS records for host key verification, ssh(1)
+ will verify all matching records instead of just those with the
+ specific signature type requested. This may cause host key verification
+ problems if stale SSHFP records of a different or legacy signature type
+ exist alongside other records for a particular host. bz#3322
+
+ * ssh-keygen(1): when generating a FIDO key and specifying an explicit
+ attestation challenge (using -Ochallenge), the challenge will now be
+ hashed by the builtin security key middleware. This removes the
+ (undocumented) requirement that challenges be exactly 32 bytes in
+ length and matches the expectations of libfido2.
+
+ * sshd(8): environment="..." directives in authorized_keys files are now
+ first-match-wins and limited to 1024 discrete environment variable
+ names.
+
+ OpenSSH 8.5 includes a number of changes that may affect existing
+ configurations:
+
+ * ssh(1), sshd(8): this release changes the first-preference signature
+ algorithm from ECDSA to ED25519.
+
+ * ssh(1), sshd(8): set the TOS/DSCP specified in the configuration for
+ interactive use prior to TCP connect. The connection phase of the SSH
+ session is time-sensitive and often explicitly interactive. The
+ ultimate interactive/bulk TOS/DSCP will be set after authentication
+ completes.
+
+ * ssh(1), sshd(8): remove the pre-standardization cipher
+ rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc before it
+ was standardized in RFC4253 (2006), has been deprecated and disabled by
+ default since OpenSSH 7.2 (2016) and was only briefly documented in
+ ssh.1 in 2001.
+
+ * ssh(1), sshd(8): update/replace the experimental post-quantum hybrid
+ key exchange method based on Streamlined NTRU Prime coupled with
+ X25519.
+
+ The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced
+ with sntrup761x25519-sha512@openssh.com. Per its designers, the
+ sntrup4591761 algorithm was superseded almost two years ago by
+ sntrup761.
+
+ (note this both the updated method and the one that it replaced are
+ disabled by default)
+
+ * ssh(1): disable CheckHostIP by default. It provides insignificant
+ benefits while making key rotation significantly more difficult,
+ especially for hosts behind IP-based load-balancers.
+
+ -- Colin Watson <cjwatson@debian.org> Sat, 06 Nov 2021 12:23:47 +0000
+
+openssh (1:8.4p1-1) unstable; urgency=medium
+
+ OpenSSH 8.4 includes a number of changes that may affect existing
+ configurations:
+
+ * ssh-keygen(1): the format of the attestation information optionally
+ recorded when a FIDO key is generated has changed. It now includes the
+ authenticator data needed to validate attestation signatures.
+
+ * The API between OpenSSH and the FIDO token middleware has changed and
+ the SSH_SK_VERSION_MAJOR version has been incremented as a result.
+ Third-party middleware libraries must support the current API version
+ (7) to work with OpenSSH 8.4.
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 18 Oct 2020 12:07:48 +0100
+
+openssh (1:8.3p1-1) unstable; urgency=medium
+
+ OpenSSH 8.3 includes a number of changes that may affect existing
+ configurations:
+
+ * sftp(1): reject an argument of "-1" in the same way as ssh(1) and scp(1)
+ do instead of accepting and silently ignoring it.
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 07 Jun 2020 13:44:04 +0100
+
+openssh (1:8.2p1-1) unstable; urgency=medium
+
+ OpenSSH 8.2 includes a number of changes that may affect existing
+ configurations:
+
+ * ssh(1), sshd(8), ssh-keygen(1): This release removes the "ssh-rsa"
+ (RSA/SHA1) algorithm from those accepted for certificate signatures
+ (i.e. the client and server CASignatureAlgorithms option) and will use
+ the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1)
+ CA signs new certificates.
+
+ Certificates are at special risk to SHA1 collision vulnerabilities as
+ an attacker has effectively unlimited time in which to craft a
+ collision that yields them a valid certificate, far more than the
+ relatively brief LoginGraceTime window that they have to forge a host
+ key signature.
+
+ The OpenSSH certificate format includes a CA-specified (typically
+ random) nonce value near the start of the certificate that should make
+ exploitation of chosen-prefix collisions in this context challenging,
+ as the attacker does not have full control over the prefix that
+ actually gets signed. Nonetheless, SHA1 is now a demonstrably broken
+ algorithm and further improvements in attacks are highly likely.
+
+ OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2
+ algorithms and will refuse to accept certificates signed by an OpenSSH
+ 8.2+ CA using RSA keys unless the unsafe algorithm is explicitly
+ selected during signing ("ssh-keygen -t ssh-rsa"). Older
+ clients/servers may use another CA key type such as ssh-ed25519
+ (supported since OpenSSH 6.5) or one of the ecdsa-sha2-nistp256/384/521
+ types (supported since OpenSSH 5.7) instead if they cannot be upgraded.
+
+ * ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default
+ key exchange proposal for both the client and server.
+
+ * ssh-keygen(1): The command-line options related to the generation and
+ screening of safe prime numbers used by the
+ diffie-hellman-group-exchange-* key exchange algorithms have changed.
+ Most options have been folded under the -O flag.
+
+ * sshd(8): The sshd listener process title visible to ps(1) has changed
+ to include information about the number of connections that are
+ currently attempting authentication and the limits configured by
+ MaxStartups.
+
+ -- Colin Watson <cjwatson@debian.org> Fri, 21 Feb 2020 16:36:37 +0000
+
+openssh (1:8.1p1-1) unstable; urgency=medium
+
+ OpenSSH 8.1 includes a number of changes that may affect existing
+ configurations:
+
+ * ssh-keygen(1): when acting as a CA and signing certificates with an RSA
+ key, default to using the rsa-sha2-512 signature algorithm.
+ Certificates signed by RSA keys will therefore be incompatible with
+ OpenSSH versions prior to 7.2 unless the default is overridden (using
+ "ssh-keygen -t ssh-rsa -s ...").
+
+ -- Colin Watson <cjwatson@debian.org> Thu, 10 Oct 2019 10:23:19 +0100
+
+openssh (1:8.0p1-1) experimental; urgency=medium
+
+ OpenSSH 8.0 includes a number of changes that may affect existing
+ configurations:
+
+ * sshd(8): Remove support for obsolete "host/port" syntax.
+ Slash-separated host/port was added in 2001 as an alternative to
+ host:port syntax for the benefit of IPv6 users. These days there are
+ established standards for this like [::1]:22 and the slash syntax is
+ easily mistaken for CIDR notation, which OpenSSH supports for some
+ things. Remove the slash notation from ListenAddress and PermitOpen.
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 09 Jun 2019 22:47:27 +0100
+
+openssh (1:7.9p1-1) unstable; urgency=medium
+
+ OpenSSH 7.9 includes a number of changes that may affect existing
+ configurations:
+
+ * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms option
+ bans the use of DSA keys as certificate authorities.
+ * sshd(8): the authentication success/failure log message has changed
+ format slightly. It now includes the certificate fingerprint
+ (previously it included only key ID and CA key fingerprint).
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 21 Oct 2018 10:39:24 +0100
+
+openssh (1:7.8p1-1) unstable; urgency=medium
+
+ OpenSSH 7.8 includes a number of changes that may affect existing
+ configurations:
+
+ * ssh-keygen(1): Write OpenSSH format private keys by default instead of
+ using OpenSSL's PEM format. The OpenSSH format, supported in OpenSSH
+ releases since 2014 and described in the PROTOCOL.key file in the
+ source distribution, offers substantially better protection against
+ offline password guessing and supports key comments in private keys.
+ If necessary, it is possible to write old PEM-style keys by adding "-m
+ PEM" to ssh-keygen's arguments when generating or updating a key.
+ * sshd(8): Remove internal support for S/Key multiple factor
+ authentication. S/Key may still be used via PAM or BSD auth.
+ * ssh(1): Remove vestigial support for running ssh(1) as setuid. This
+ used to be required for hostbased authentication and the (long gone)
+ rhosts-style authentication, but has not been necessary for a long
+ time. Attempting to execute ssh as a setuid binary, or with uid !=
+ effective uid will now yield a fatal error at runtime.
+ * sshd(8): The semantics of PubkeyAcceptedKeyTypes and the similar
+ HostbasedAcceptedKeyTypes options have changed. These now specify
+ signature algorithms that are accepted for their respective
+ authentication mechanism, where previously they specified accepted key
+ types. This distinction matters when using the RSA/SHA2 signature
+ algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate
+ counterparts. Configurations that override these options but omit
+ these algorithm names may cause unexpected authentication failures (no
+ action is required for configurations that accept the default for these
+ options).
+ * sshd(8): The precedence of session environment variables has changed.
+ ~/.ssh/environment and environment="..." options in authorized_keys
+ files can no longer override SSH_* variables set implicitly by sshd.
+ * ssh(1)/sshd(8): The default IPQoS used by ssh/sshd has changed. They
+ will now use DSCP AF21 for interactive traffic and CS1 for bulk. For a
+ detailed rationale, please see the commit message:
+ https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284
+
+ -- Colin Watson <cjwatson@debian.org> Thu, 30 Aug 2018 15:35:27 +0100
+
+openssh (1:7.6p1-1) unstable; urgency=medium
+
+ OpenSSH 7.6 includes a number of changes that may affect existing
+ configurations:
+
+ * ssh(1): Delete SSH protocol version 1 support, associated configuration
+ options and documentation.
+ * ssh(1)/sshd(8): Remove support for the hmac-ripemd160 MAC.
+ * ssh(1)/sshd(8): Remove support for the arcfour, blowfish and CAST
+ ciphers.
+ * Refuse RSA keys <1024 bits in length and improve reporting for keys
+ that do not meet this requirement.
+ * ssh(1): Do not offer CBC ciphers by default.
+
+ -- Colin Watson <cjwatson@debian.org> Fri, 06 Oct 2017 12:36:48 +0100
+
+openssh (1:7.5p1-1) experimental; urgency=medium
+
+ OpenSSH 7.5 includes a number of changes that may affect existing
+ configurations:
+
+ * This release deprecates the sshd_config UsePrivilegeSeparation option,
+ thereby making privilege separation mandatory.
+
+ * The format of several log messages emitted by the packet code has
+ changed to include additional information about the user and their
+ authentication state. Software that monitors ssh/sshd logs may need to
+ account for these changes. For example:
+
+ Connection closed by user x 1.1.1.1 port 1234 [preauth]
+ Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
+ Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]
+
+ Affected messages include connection closure, timeout, remote
+ disconnection, negotiation failure and some other fatal messages
+ generated by the packet code.
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 02 Apr 2017 02:58:01 +0100
+
+openssh (1:7.4p1-7) unstable; urgency=medium
+
+ This version restores the default for AuthorizedKeysFile to search both
+ ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2, as was the case in
+ Debian configurations before 1:7.4p1-1. Upstream intends to phase out
+ searching ~/.ssh/authorized_keys2 by default, so you should ensure that
+ you are only using ~/.ssh/authorized_keys, at least for critical
+ administrative access; do not assume that the current default will remain
+ in place forever.
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 05 Mar 2017 02:12:42 +0000
+
+openssh (1:7.4p1-1) unstable; urgency=medium
+
+ OpenSSH 7.4 includes a number of changes that may affect existing
+ configurations:
+
+ * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
+ block ciphers are not safe in 2016 and we don't want to wait until
+ attacks like SWEET32 are extended to SSH. As 3des-cbc was the only
+ mandatory cipher in the SSH RFCs, this may cause problems connecting to
+ older devices using the default configuration, but it's highly likely
+ that such devices already need explicit configuration for key exchange
+ and hostkey algorithms already anyway.
+ * sshd(8): Remove support for pre-authentication compression. Doing
+ compression early in the protocol probably seemed reasonable in the
+ 1990s, but today it's clearly a bad idea in terms of both cryptography
+ (cf. multiple compression oracle attacks in TLS) and attack surface.
+ Pre-auth compression support has been disabled by default for >10
+ years. Support remains in the client.
+ * ssh-agent will refuse to load PKCS#11 modules outside a whitelist of
+ trusted paths by default. The path whitelist may be specified at
+ run-time.
+ * sshd(8): When a forced-command appears in both a certificate and an
+ authorized keys/principals command= restriction, sshd will now refuse
+ to accept the certificate unless they are identical. The previous
+ (documented) behaviour of having the certificate forced-command
+ override the other could be a bit confusing and error-prone.
+ * sshd(8): Remove the UseLogin configuration directive and support for
+ having /bin/login manage login sessions.
+
+ The unprivileged sshd process that deals with pre-authentication network
+ traffic is now subject to additional sandboxing restrictions by default:
+ that is, the default sshd_config now sets UsePrivilegeSeparation to
+ "sandbox" rather than "yes". This has been the case upstream for a while,
+ but until now the Debian configuration diverged unnecessarily.
+
+ -- Colin Watson <cjwatson@debian.org> Tue, 27 Dec 2016 18:01:46 +0000
+
+openssh (1:7.2p1-1) unstable; urgency=medium
+
+ OpenSSH 7.2 disables a number of legacy cryptographic algorithms by
+ default in ssh:
+
+ * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and the
+ rijndael-cbc aliases for AES.
+ * MD5-based and truncated HMAC algorithms.
+
+ These algorithms are already disabled by default in sshd.
+
+ -- Colin Watson <cjwatson@debian.org> Tue, 08 Mar 2016 11:47:20 +0000
+
+openssh (1:7.1p1-2) unstable; urgency=medium
+
+ OpenSSH 7.0 disables several pieces of weak, legacy, and/or unsafe
+ cryptography.
+
+ * Support for the legacy SSH version 1 protocol is disabled by default at
+ compile time. Note that this also means that the Cipher keyword in
+ ssh_config(5) is effectively no longer usable; use Ciphers instead for
+ protocol 2. The openssh-client-ssh1 package includes "ssh1", "scp1",
+ and "ssh-keygen1" binaries which you can use if you have no alternative
+ way to connect to an outdated SSH1-only server; please contact the
+ server administrator or system vendor in such cases and ask them to
+ upgrade.
+ * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is
+ disabled by default at run-time. It may be re-enabled using the
+ instructions at http://www.openssh.com/legacy.html
+ * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by
+ default at run-time. These may be re-enabled using the instructions at
+ http://www.openssh.com/legacy.html
+ * Support for the legacy v00 cert format has been removed.
+
+ Future releases will retire more legacy cryptography, including:
+
+ * Refusing all RSA keys smaller than 1024 bits (the current minimum is
+ 768 bits).
+ * Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc,
+ all arcfour variants, and the rijndael-cbc aliases for AES.
+ * MD5-based HMAC algorithms will be disabled by default.
+
+ -- Colin Watson <cjwatson@debian.org> Tue, 08 Dec 2015 15:33:08 +0000
+
+openssh (1:6.9p1-1) unstable; urgency=medium
+
+ UseDNS now defaults to 'no'. Configurations that match against the client
+ host name (via sshd_config or authorized_keys) may need to re-enable it or
+ convert to matching against addresses.
+
+ -- Colin Watson <cjwatson@debian.org> Thu, 20 Aug 2015 10:38:58 +0100
+
+openssh (1:6.7p1-5) unstable; urgency=medium
+
+ openssh-server 1:6.7p1-4 changed the default setting of AcceptEnv to list
+ a number of specific LC_FOO variables rather than the wildcard LC_*. I
+ have since been persuaded that this was a bad idea and have reverted it,
+ but it is difficult to automatically undo the change to
+ /etc/ssh/sshd_config without compounding the problem (that of modifying
+ configuration that some users did not want to be modified) further. Most
+ users who upgraded via version 1:6.7p1-4 should restore the previous value
+ of "AcceptEnv LANG LC_*" in /etc/ssh/sshd_config.
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 22 Mar 2015 23:09:32 +0000
+
+openssh (1:5.4p1-2) unstable; urgency=low
+
+ Smartcard support is now available using PKCS#11 tokens. If you were
+ previously using an unofficial build of Debian's OpenSSH package with
+ OpenSC-based smartcard support added, then note that commands like
+ 'ssh-add -s 0' will no longer work; you need to use 'ssh-add -s
+ /usr/lib/opensc-pkcs11.so' instead.
+
+ -- Colin Watson <cjwatson@debian.org> Sat, 10 Apr 2010 01:08:59 +0100
+
+openssh (1:3.8.1p1-9) experimental; urgency=low
+
+ The ssh package has been split into openssh-client and openssh-server. If
+ you had previously requested that the sshd server should not be run, then
+ that request will still be honoured. However, the recommended approach is
+ now to remove the openssh-server package if you do not want to run sshd.
+ You can remove the old /etc/ssh/sshd_not_to_be_run marker file after doing
+ that.
+
+ -- Colin Watson <cjwatson@debian.org> Mon, 2 Aug 2004 20:48:54 +0100
+
+openssh (1:3.5p1-1) unstable; urgency=low
+
+ This version of OpenSSH disables the environment option for public keys by
+ default, in order to avoid certain attacks (for example, LD_PRELOAD). If
+ you are using this option in an authorized_keys file, beware that the keys
+ in question will no longer work until the option is removed.
+
+ To re-enable this option, set "PermitUserEnvironment yes" in
+ /etc/ssh/sshd_config after the upgrade is complete, taking note of the
+ warning in the sshd_config(5) manual page.
+
+ -- Colin Watson <cjwatson@debian.org> Sat, 26 Oct 2002 19:41:51 +0100
+
+openssh (1:3.0.1p1-1) unstable; urgency=high
+
+ As of version 3, OpenSSH no longer uses separate files for ssh1 and ssh2
+ keys. This means the authorized_keys2 and known_hosts2 files are no longer
+ needed. They will still be read in order to maintain backward
+ compatibility.
+
+ -- Matthew Vernon <matthew@debian.org> Thu, 28 Nov 2001 17:43:01 +0000