Date: Sun, 11 May 2025 18:10:35 +0200 From: Christian Weisgerber <naddy@mips.inka.de> To: freebsd-security@freebsd.org Subject: Re: Heads-up: DSA key support being removed from OpenSSH Message-ID: <aCDL-2e0qe995uG3@lorvorc.mips.inka.de> In-Reply-To: <aCCH5VSOgkX1dpOT@int21h> References: <CAPyFy2Dk0VoqLPSHxTLzBCWT_ouqU_kj4QNhN17VybMinbr6bA@mail.gmail.com> <76933d66-eff5-4d43-a7a6-98a153e71d77@rlwinm.de> <CAPyFy2DAk8wx34gEJs7L94NykyMDBzAjLo9TwQOa_SPVvEFQ3A@mail.gmail.com> <p992nn1n-p9n2-s64o-9666-o5on62nnor7s@yvfgf.mnoonqbm.arg> <aCCH5VSOgkX1dpOT@int21h>
index | next in thread | previous in thread | raw e-mail
void: > +1 to this. Just the client. Maybe call it openssh-vuln? > > I can appreciate it being removed in base, in server. But there's > lots of otherwise-working gear around that only uses > ssh-dss or ssh-rsa. We only need the client. ssh-rsa, i.e. RSA keys with a signature algorithm that uses SHA-1, is still supported in the latest OpenSSH, even if disabled by default. -- Christian "naddy" Weisgerber naddy@mips.inka.dehome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?aCDL-2e0qe995uG3>