Date: Tue, 14 Sep 2021 11:06:10 +1000 From: Dewayne Geraghty <dewayne@heuristicsystems.com.au> To: freebsd-security@freebsd.org Subject: Re: Important note for future FreeBSD base system OpenSSH update Message-ID: <85d1dffc-729e-bb8c-32f8-46b452705fcd@heuristicsystems.com.au> In-Reply-To: <8169A4A8-B8D1-4265-87C8-74ED4D34FBC8@fasel.at> References: <CAPyFy2A390kS_C3g=Y9QhQcJ06z_FKUxXsNvi9g2CdWF24pukg@mail.gmail.com> <CAPyFy2B04b0GtWoHFQwxht5vK4_cnApPXpDLXU%2BRvcR=2L9YxA@mail.gmail.com> <CAPyFy2Aw8Z3ngiM8YHApjjPRLZVC5MCN8TRQkh6pj2fSeM1zqw@mail.gmail.com> <8169A4A8-B8D1-4265-87C8-74ED4D34FBC8@fasel.at>
next in thread | previous in thread | raw e-mail | index | archive | help
Thank-you Ed, for providing a window for discussion. As much as I strongly agree with Dave Cottlehuber , there is sadly a pragmatic dimension. So, off by default goes some way to improve the world, but folk do appear to need to be able to connect to "antique" equipment that they have no mechanism to upgrade (perhaps call for an ISO27001 audit? ;) ). We really don't want to loose FreeBSDers for this. Minor point - your ssh command line was helpful as it confirmed connectivity to an older FreeBSD9.1 system (still in use from 2014) using ed25519, and finally, to clarify that putty 0.75 (from May 2021) uses rsa-sha256; current version is 0.76, per https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?85d1dffc-729e-bb8c-32f8-46b452705fcd>