Important note for future FreeBSD base system OpenSSH update
Eugene Grosbein
eugen at grosbein.net
Sat Sep 11 22:10:07 UTC 2021
10.09.2021 1:01, Ed Maste wrote:
> To check whether a server is using the weak ssh-rsa public key
> algorithm, for host authentication, try to connect to it after
> removing the ssh-rsa algorithm from ssh(1)'s allowed list:
>
> ssh -oHostKeyAlgorithms=-ssh-rsa user@host
>
> If the host key verification fails and no other supported host key
> types are available, the server software on that host should be
> upgraded.
I have some telco equipment (E1/SS7) based on a custom Linux distro built by a vendor:
$ ssh -oHostKeyAlgorithms=-ssh-rsa user@host
Unable to negotiate with X.X.X.X port 22: no matching host key type found. Their offer: ssh-rsa
I've already asked the vendor for a possible upgrade and was told that no upgrade will be available.
Will I be able to use ssh_config and the following command to re-enable the feature after the planned import?
HostKeyAlgorithms ssh-rsa
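
The check quoted above, wrapped so its result can be classified per host when auditing an inventory. This is an added example, not part of the original message; the function names, verdict words and the 192.0.2.x sample lines are constructed here.

```shell
#!/bin/sh
# Added example, not from the thread: classify the stderr that
# `ssh -oHostKeyAlgorithms=-ssh-rsa ...` produces for a host.

# their_offer STDERR: print the server's host key algorithm offer when
# negotiation failed on host key type; print nothing otherwise.
their_offer() {
    printf '%s\n' "$1" |
        sed -n 's/.*no matching host key type found\. Their offer: \([^[:space:]]*\).*/\1/p' |
        head -n 1
}

# classify_host EXIT_STATUS STDERR: print one verdict word.
classify_host() {
    offer=$(their_offer "$2")
    if [ "$offer" = "ssh-rsa" ]; then
        echo "ssh-rsa-only"            # the case reported in the thread
    elif [ -n "$offer" ]; then
        echo "no-common-hostkey"       # several types offered, none accepted
    elif [ "$1" -eq 0 ]; then
        echo "ok"
    else
        # Failures after key exchange still prove that a host key
        # algorithm other than ssh-rsa was negotiated.
        case $2 in
            *"Permission denied"*|*"Host key verification failed"*) echo "ok" ;;
            *) echo "inconclusive" ;;  # timeout, refused, DNS failure, ...
        esac
    fi
}

# probe_host USER@HOST: run the check against a live host (needs network).
probe_host() {
    status=0
    err=$(ssh -oBatchMode=yes -oConnectTimeout=5 \
              -oHostKeyAlgorithms=-ssh-rsa "$1" true 2>&1 >/dev/null) || status=$?
    classify_host "$status" "$err"
}

# Constructed sample lines (addresses are documentation placeholders).
SAMPLE_RSA_ONLY='Unable to negotiate with 192.0.2.10 port 22: no matching host key type found. Their offer: ssh-rsa'
SAMPLE_DENIED='user@192.0.2.11: Permission denied (publickey,password).'
```

Hosts reported as `ssh-rsa-only` are the ones that would need either a server upgrade or an explicit per-host exception on the client.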