From: Matthew Seaman
To: freebsd-questions@freebsd.org
Subject: Re: SSH and FreeBSD-11
Date: Fri, 11 Mar 2016 11:30:07 +0000
Message-ID: <56E2AC3F.2050907@freebsd.org>

On 03/11/16 10:01, Carmel wrote:
> On Fri, 11 Mar 2016 16:36:02 +0800, Jov stated:
>
>> > openssh in freebsd 11 will not generate dsa host key any more，I
>> > have a pr about this.
> Thanks, I did not know it was a known issue. I had not read anything
> about it.

This site is quite instructive about where current SSH ciphers etc. have
known weaknesses:

http://stribika.github.io/2015/01/04/secure-secure-shell.html

DSA keys will have been deprecated because they only allow a 1024-bit
modulus, and that's now known to be vulnerable to attack. It takes
quite a well-resourced attacker to do so right now, but Moore's law will
soon make that club a lot less exclusive.

Cheers,

Matthew
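
An added example, not part of the message above or of OpenSSH: a small auditor that decodes the SSH wire-format blob in a public-key line (host key `.pub`, `authorized_keys` or `known_hosts` style) and flags `ssh-dss` keys, reporting the bit length of the modulus p. The function names and the sample key lines are constructed for illustration; the sample numbers are placeholders, not usable keys.

```python
import base64
import struct

def _string(b):
    """Encode an SSH wire-format string: uint32 length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _mpint(n):
    """Encode a positive integer as an SSH mpint (leading 0x00 if top bit set)."""
    return _string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def _read(blob, off):
    """Decode one wire-format string at off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:off + 4 + n], off + 4 + n

def audit_line(line):
    """Return (key_type, dsa_modulus_bits, flagged) for a key line, else None."""
    fields = line.split()
    for i, tok in enumerate(fields[:-1]):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
            name, off = _read(blob, 0)
            if name != tok.encode():
                continue  # token is a hostname or option, not a key type
            bits = None
            if tok == "ssh-dss":
                p, _ = _read(blob, off)  # first mpint after the type is p
                bits = int.from_bytes(p, "big").bit_length()
            return tok, bits, tok == "ssh-dss"
        except (ValueError, struct.error):
            continue  # not base64, or not a well-formed key blob
    return None

# Constructed sample data: the numbers are placeholders, not a usable key.
_DSS = base64.b64encode(_string(b"ssh-dss") + _mpint((1 << 1023) | 1) +
                        _mpint((1 << 159) | 1) + _mpint(2) + _mpint(3)).decode()
_ED = base64.b64encode(_string(b"ssh-ed25519") + _string(bytes(32))).decode()
SAMPLE = [
    f"ssh-dss {_DSS} root@old-host.example",
    f"new-host.example ssh-ed25519 {_ED}",
    "# comment line",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(audit_line(line))
```

Feeding it the lines of the host's public key files and each user's `authorized_keys` shows which DSA keys remain to be replaced.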