Date: Sun, 12 Sep 2021 05:09:45 +0700
From: Eugene Grosbein <eugen@grosbein.net>
To: Ed Maste <emaste@freebsd.org>, freebsd-security@freebsd.org
Subject: Re: Important note for future FreeBSD base system OpenSSH update
Message-ID: <e17ea9da-4a3b-a21f-2107-8b94e094974d@grosbein.net>
In-Reply-To: <CAPyFy2Aw8Z3ngiM8YHApjjPRLZVC5MCN8TRQkh6pj2fSeM1zqw@mail.gmail.com>
References: <CAPyFy2A390kS_C3g=Y9QhQcJ06z_FKUxXsNvi9g2CdWF24pukg@mail.gmail.com> <CAPyFy2B04b0GtWoHFQwxht5vK4_cnApPXpDLXU%2BRvcR=2L9YxA@mail.gmail.com> <CAPyFy2Aw8Z3ngiM8YHApjjPRLZVC5MCN8TRQkh6pj2fSeM1zqw@mail.gmail.com>

10.09.2021 1:01, Ed Maste wrote:

> To check whether a server is using the weak ssh-rsa public key
> algorithm, for host authentication, try to connect to it after
> removing the ssh-rsa algorithm from ssh(1)'s allowed list:
>
>     ssh -oHostKeyAlgorithms=-ssh-rsa user@host
>
> If the host key verification fails and no other supported host key
> types are available, the server software on that host should be
> upgraded.

I have some telco equipment (E1/SS7) based on a custom Linux distro built by a vendor:

    $ ssh -oHostKeyAlgorithms=-ssh-rsa user@host
    Unable to negotiate with X.X.X.X port 22: no matching host key type found. Their offer: ssh-rsa

I've already asked the vendor for a possible upgrade and was told that no upgrade will be available.

Will I be able to use ssh_config and the following command to re-enable the feature after the planned import?

    HostKeyAlgorithms ssh-rsa
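
An added example, not part of the original message and not code from FreeBSD or OpenSSH: a shell helper that runs the check quoted above against a host and classifies the "Their offer:" line, so hosts that present only ssh-rsa host keys can be listed before the update. The function names, the verdict strings and the sample line (using the documentation address 192.0.2.10) are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample of ssh(1) output, modelled on the message above.
SAMPLE_RSA_ONLY='Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. Their offer: ssh-rsa'

# classify_hostkey_offer (hypothetical name): read ssh(1) stderr on stdin
# and print one verdict:
#   ssh-rsa-only         the server offered ssh-rsa and nothing else
#   mismatch:<offer>     host key negotiation failed with a different offer
#   no-hostkey-mismatch  no host key negotiation failure in the output
#                        (the host may still have failed for another reason)
classify_hostkey_offer() {
    out=$(cat)
    case $out in
        *"no matching host key type found"*) ;;
        *) echo "no-hostkey-mismatch"; return 0 ;;
    esac
    # Take the comma-separated algorithm list after "Their offer:".
    offer=$(printf '%s\n' "$out" \
        | sed -n 's/.*Their offer: *//p' | head -n 1 | tr -d '\r')
    if [ "$offer" = "ssh-rsa" ]; then
        echo "ssh-rsa-only"
    else
        echo "mismatch:$offer"
    fi
}

# audit_host (hypothetical name): run the check from the quoted message
# against one user@host without prompting, and classify the result.
audit_host() {
    ssh -n -oBatchMode=yes -oConnectTimeout=5 \
        -oHostKeyAlgorithms=-ssh-rsa "$1" true 2>&1 \
        | classify_hostkey_offer
}
```

Calling `audit_host user@host` for each entry in an inventory prints one verdict per host; only the `ssh-rsa-only` hosts are in the situation described in the message.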