From nobody Thu Sep 26 22:25:36 2024 X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XF7Zw3SSyz5X6Zs for ; Thu, 26 Sep 2024 22:30:16 +0000 (UTC) (envelope-from naddy@mips.inka.de) Received: from mail.inka.de (mail.inka.de [IPv6:2a04:c9c7:0:1073:217:a4ff:fe3b:e77c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4XF7Zt5S8bz4QD2; Thu, 26 Sep 2024 22:30:14 +0000 (UTC) (envelope-from naddy@mips.inka.de) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of naddy@mips.inka.de designates 2a04:c9c7:0:1073:217:a4ff:fe3b:e77c as permitted sender) smtp.mailfrom=naddy@mips.inka.de; dmarc=none Received: from mips.inka.de (naddy@[127.0.0.1]) by mail.inka.de with uucp (rmailwrap 0.5) id 1stwzt-001cQW-4O; Fri, 27 Sep 2024 00:30:05 +0200 Received: from lorvorc.mips.inka.de (localhost [127.0.0.1]) by lorvorc.mips.inka.de (8.18.1/8.18.1) with ESMTP id 48QMPa8r026076; Fri, 27 Sep 2024 00:25:36 +0200 (CEST) (envelope-from naddy@lorvorc.mips.inka.de) Received: (from naddy@localhost) by lorvorc.mips.inka.de (8.18.1/8.18.1/Submit) id 48QMPaLb026075; Fri, 27 Sep 2024 00:25:36 +0200 (CEST) (envelope-from naddy) Date: Fri, 27 Sep 2024 00:25:36 +0200 From: Christian Weisgerber To: Colin Percival Cc: Xin LI , Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= , Shawn Webb , freebsd-arch@freebsd.org, Li-Wen Hsu , Ronald Klop Subject: Re: Deprecating RSA ssh host keys in 16 Message-ID: References: <0100019225563885-e7f0aed8-cff8-4247-8bcd-861aed3e5cc7-000000@email.amazonses.com> <0100019229c3e0d7-fd2e827b-6647-41a1-bc89-39367954f98c-000000@email.amazonses.com> <868qvfy7bt.fsf@ltc.des.dev> <010001922aec1a6b-133cecdd-1d83-43eb-aa46-a0eb25252ccd-000000@email.amazonses.com> List-Id: Discussion related to FreeBSD architecture List-Archive: https://lists.freebsd.org/archives/freebsd-arch List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-arch@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <010001922aec1a6b-133cecdd-1d83-43eb-aa46-a0eb25252ccd-000000@email.amazonses.com> X-Spamd-Result: default: False [-3.06 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-0.998]; NEURAL_HAM_SHORT(-0.76)[-0.758]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; FREEMAIL_CC(0.00)[gmail.com,freebsd.org,hardenedbsd.org]; ARC_NA(0.00)[]; ASN(0.00)[asn:202113, ipnet:2a04:c9c7::/32, country:DE]; MIME_TRACE(0.00)[0:+]; FREEFALL_USER(0.00)[naddy]; TO_DN_SOME(0.00)[]; MID_RHS_MATCH_FROMTLD(0.00)[]; R_DKIM_NA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-arch@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_SEVEN(0.00)[7]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DMARC_NA(0.00)[inka.de]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; MISSING_XM_UA(0.00)[] X-Rspamd-Queue-Id: 4XF7Zt5S8bz4QD2 X-Spamd-Bar: --- Colin Percival: > DSA host key generation was disabled in af8ee1391d08c (August 2016). If you > have DSA host keys I think they will get used, but we don't generate them by > default now. And that's going away, too. Starting with OpenSSH 9.8, DSA support is no longer compiled in by default, and "removing DSA support entirely is planned for the first OpenSSH release of 2025". -- Christian "naddy" Weisgerber naddy@mips.inka.de