Date: Mon, 20 Sep 2021 21:21:17 +0200 From: Mathieu Arnold <mat@freebsd.org> To: Eugene Grosbein <eugen@grosbein.net> Cc: Ed Maste <emaste@freebsd.org>, freebsd-security@freebsd.org Subject: Re: Important note for future FreeBSD base system OpenSSH update Message-ID: <20210920192117.ylaewdyxcjtl6rsb@aching.in.mat.cc> In-Reply-To: <e17ea9da-4a3b-a21f-2107-8b94e094974d@grosbein.net> References: <CAPyFy2A390kS_C3g=Y9QhQcJ06z_FKUxXsNvi9g2CdWF24pukg@mail.gmail.com> <CAPyFy2B04b0GtWoHFQwxht5vK4_cnApPXpDLXU%2BRvcR=2L9YxA@mail.gmail.com> <CAPyFy2Aw8Z3ngiM8YHApjjPRLZVC5MCN8TRQkh6pj2fSeM1zqw@mail.gmail.com> <e17ea9da-4a3b-a21f-2107-8b94e094974d@grosbein.net>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Sun, Sep 12, 2021 at 05:09:45AM +0700, Eugene Grosbein wrote: > 10.09.2021 1:01, Ed Maste wrote: > > > To check whether a server is using the weak ssh-rsa public key > > algorithm, for host authentication, try to connect to it after > > removing the ssh-rsa algorithm from ssh(1)'s allowed list: > > > > ssh -oHostKeyAlgorithms=-ssh-rsa user@host > > > > If the host key verification fails and no other supported host key > > types are available, the server software on that host should be > > upgraded. > > I have some telco equipment (E1/SS7) based on custom Linux distro built by a vendor: > > $ ssh -oHostKeyAlgorithms=-ssh-rsa user@host > Unable to negotiate with X.X.X.X port 22: no matching host key type found. Their offer: ssh-rsa > > I've already asked the vendor for possible upgrade and was told that no upgrade will be available. > > Will I be able to use ssh_config and following command to re-enable the feature after planned import? > > HostKeyAlgorithms ssh-rsa Same here, I have many telco and even switches and routers that only support ssh-rsa, will it be possible to use a ssh_config knob to enable it back? -- Mathieu Arnold [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEEVhwchfRfuV0unqO5KesJApEdfgIFAmFI3yhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDU2 MUMxQzg1RjQ1RkI5NUQyRTlFQTNCOTI5RUIwOTAyOTExRDdFMDIACgkQKesJApEd fgKARg/9GwxP+aPnLsUo+ZjxRfKIaUmvUs0phVPSlOsfeIc7IADR6c/2pKufPxX1 Y6i8sFQXJAVf3+cqm0cwlBxonVZ63/rSzFT2l9rfB6xp5EIhe50yLhxJeEt7Vl3z ENGqki0IYOR21ziohja2rr9xz2nzlkZm27rUdkysODoqHkW0OESqMOMFl/lkdc/k uVAj1d1rac34yATtRgE0JSFFnlCJ+PeYotw5w5bh3TcvNsTy7Lhv1EP9S6AcE7S3 5Wa6/hooF++8TwJP6DyaV29l1mB1WBcVceELiUez+4/LyBNflTifY4pZv8E3F/TE Ua9l3wZMeFF0LCqWz0ZU7mNjjcP5bHIBbD43JZpUKqM1ndM0lpufO4K3DOqBr4P3 5BFii+H6r4sbH+mkUc1tIdWYFOYzAt2xicnYs+0AyBz40c1ewTsusB8rs73l3z0r E7qgHWKN7ivZAWvotGn1Rnc9sbfSCesYJU9XtOb3MouTfqNvF1eNPF2B8Jh/hsar 6ckyyqDJeW2YdV5IT1TNGLW0dLTboPI4w2mZBJ1P8P+W4ixSuCaCDHBtmSaeAx4M AQZAMOH6JkgRbwFR+HS4G0Sgx93f+7eAQRsloHQ45eTD6lu75pzT+zSJ5cN07lfZ FAkBzMfuTkfQOSKv2HRPH+eQUBpVPJDbb1TeG417uB/dX9ZYqFo= =4aHI -----END PGP SIGNATURE-----home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210920192117.ylaewdyxcjtl6rsb>