Deprecated options when restarting openssh in Stretch

In the current Stretch update, openssh version changed from 7.3 to 7.4, released on 2016-Dec-19.

As it can be inferred from the Release notes, and from @Jakuje comments, OpenSSH maintainers have removed the corresponding configuration options for good, as they are obsolete.

So the lines can be safely removed.

Also, take head of:

Future deprecation notice

We plan on retiring more legacy cryptography in future releases, specifically:

  • In approximately August 2017, removing remaining support for the
    SSH v.1 protocol (client-only and currently compile-time disabled).

  • In the same release, removing support for Blowfish and RC4 ciphers and the RIPE-MD160 HMAC. (These are currently run-time disabled).

  • Refusing all RSA keys smaller than 1024 bits (the current minimum
    is 768 bits)

  • The next release of OpenSSH will remove support for running sshd(8) with privilege separation disabled.

  • The next release of portable OpenSSH will remove support for
    OpenSSL version prior to 1.0.1.


You can remove deprecated configuration lines with this:

sed -i '/KeyRegenerationInterval/d' /etc/ssh/sshd_config
sed -i '/ServerKeyBits/d' /etc/ssh/sshd_config
sed -i '/RSAAuthentication/d' /etc/ssh/sshd_config
sed -i '/RhostsRSAAuthentication/d' /etc/ssh/sshd_config
sed -i '/UsePrivilegeSeparation/d' /etc/ssh/sshd_config

And restart SSH daemon: systemctl restart sshd

Tags:

Openssh

Debian