Date: Fri, 29 Aug 2025 13:36:23 +0100 From: Frank Leonhardt <freebsd-doc@fjl.co.uk> To: Christian Weisgerber <naddy@mips.inka.de> Cc: questions@freebsd.org Subject: Re: ssh on FreeBSD 14.3 won't talk to older hosts Message-ID: <66c31d86-33bc-4a2f-9d97-36eed8441ed9@fjl.co.uk> In-Reply-To: <aKXcMTBDrt0ypCP_@lorvorc.mips.inka.de> References: <5933e560-714b-492b-9151-380d5527ba18@fjl.co.uk> <19992208-8ea5-4e3d-93fc-a4f62c5594f2@fjl.co.uk> <aKXcMTBDrt0ypCP_@lorvorc.mips.inka.de>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On 20/08/2025 15:31, Christian Weisgerber wrote:
> Frank Leonhardt:
>
>> Add the following:
>>
>> HostKeyAlgorithms=+ssh-dss
>> PubkeyAcceptedKeyTypes +ssh-rsa
>> Protocol 2,1
>>
>> I have all three but they may not all be needed in all circumstances, and
>> having protocol 1 isn't something you want to enable unless you're aware of
>> the risks.
> That's cute if "Protocol 2,1" is still accepted for compatibility,
> but there is no risk. The actual protocol 1 code has been summarily
> deleted from OpenSSH as of release 7.6 (Oct 2017).
>
>> This is IN SPITE of OpenSSH ssh-keygen still generating RSA by default, so
> Actually, that has been Ed25519 since OpenSSH 9.5 (Oct 2023)... but the
> FreeBSD -stable branches haven't picked up that change.
>
>> the default key type it creates it won't use without this hack. Unless I'm
>> missing something.
> There is a difference between a _key type_ and a _public key algorithm_.
> Admittely, those are the same for all other key types except for RSA,
> where there are three algorithms that can all use the same RSA keys:
> * ssh-rsa
> * rsa-sha2-256
> * rsa-sha2-512
>
> The difference is that those use the SHA-1, SHA-256, and SHA-512
> hashes, respectively. SHA-1 is obsolete and no longer considered
> secure, so the "ssh-rsa" _algorithm_ has been disabled by default.
> You can still use the same "ssh-rsa" _keys_ with rsa-sha2-256 or
> rsa-sha2-512.
Ah, thanks. Good background, and I didn't know a lot of that.
Even if Ed25519 has been the default since OpenSSH, it's a bit much to
refuse anything else two years after the change! I'd say refuse if five
year AFTER the default was changed.
Regards, Frank.
[-- Attachment #2 --]
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 20/08/2025 15:31, Christian
Weisgerber wrote:<br>
</div>
<blockquote type="cite"
cite="mid:aKXcMTBDrt0ypCP_@lorvorc.mips.inka.de">
<pre class="moz-quote-pre" wrap="">Frank Leonhardt:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Add the following:
HostKeyAlgorithms=+ssh-dss
PubkeyAcceptedKeyTypes +ssh-rsa
Protocol 2,1
I have all three but they may not all be needed in all circumstances, and
having protocol 1 isn't something you want to enable unless you're aware of
the risks.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
That's cute if "Protocol 2,1" is still accepted for compatibility,
but there is no risk. The actual protocol 1 code has been summarily
deleted from OpenSSH as of release 7.6 (Oct 2017).
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">This is IN SPITE of OpenSSH ssh-keygen still generating RSA by default, so
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Actually, that has been Ed25519 since OpenSSH 9.5 (Oct 2023)... but the
FreeBSD -stable branches haven't picked up that change.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">the default key type it creates it won't use without this hack. Unless I'm
missing something.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
There is a difference between a _key type_ and a _public key algorithm_.
Admittely, those are the same for all other key types except for RSA,
where there are three algorithms that can all use the same RSA keys:
* ssh-rsa
* rsa-sha2-256
* rsa-sha2-512
The difference is that those use the SHA-1, SHA-256, and SHA-512
hashes, respectively. SHA-1 is obsolete and no longer considered
secure, so the "ssh-rsa" _algorithm_ has been disabled by default.
You can still use the same "ssh-rsa" _keys_ with rsa-sha2-256 or
rsa-sha2-512.
</pre>
</blockquote>
<p>Ah, thanks. Good background, and I didn't know a lot of that.<br>
</p>
<p>Even if Ed25519 has been the default since OpenSSH, it's a bit
much to refuse anything else two years after the change! I'd say
refuse if five year AFTER the default was changed.</p>
<p>Regards, Frank.</p>
<p><br>
</p>
<p><span style="white-space: pre-wrap">
</span></p>
</body>
</html>
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?66c31d86-33bc-4a2f-9d97-36eed8441ed9>