Re: Deprecating RSA ssh host keys in 16

From: Dag-Erling_Smørgrav <des_at_FreeBSD.org>
Date: Wed, 25 Sep 2024 17:24:54 UTC

Colin Percival <cperciva@tarsnap.com> writes:
> It's still a very helpful data point!  I've also had one response from
> someone with old IoT systems which only understand RSA host keys, so I
> think my proposed timeline of "warn people now that it will be disabled
> by default in 16" is the way to go.

Why is an IoT system making outbound ssh connections?  That's the only
way it would ever be aware of another system's host key.

Btw, I believe there is either a Bugzilla ticket or a Phabricator review
somewhere that makes the list of host key algorithms configurable (and
it's trivial to recreate if you can't find it).

Oh, and should we perhaps also disable (non-elliptic) DSA host keys?

DES
-- 
Dag-Erling Smørgrav - des@FreeBSD.org