
Re: Removing DSS and other unreasonable algorithms (Was: Missing signed-off for pkg chacha20 patches)


On Tue, Jun 19, 2018 at 04:35:49PM +0200, Jakub Jelen wrote:
> On Thu, 2018-06-14 at 16:03 +0200, Andreas Schneider wrote:
> > [...]
> > 
> > Looks like openssh removed support for ssh-dss. At least my openssh 7.7
> > doesn't know about it at all.
> 
> The OpenSSH 7.7p1 still has the support for ssh-dss keys, but they are
> disabled by default for any use, unless you enable them using
> PubkeyAcceptedKeyTypes and friend configuration options. The reason why
> it is still there is probably because the DSA keys are mandatory part
> (REQUIRED) of RFC4253 (Section 6.6).
> 
> > I would remove it from libssh after the release of 0.8 together with
> > SSHv1 support.
> > 
> > I think we can remove it from pkd already? Comments?
> 
> Removing the ancient SSHv1, blowfish and other unreasonable algorithms
> makes sense for me.

Can we keep them in some way that allows us to connect to
RHEL 5 - era systems?

The background to this is that we currently use libssh2 (and intend to
use libssh in the near future) to move VM workloads off old Xen
machines, and we do all that over ssh.

I'll just boot up a RHEL 5 instance to find out what algorithms it
offers ...

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
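
The thread notes that OpenSSH 7.7p1 keeps ssh-dss disabled unless it is re-enabled through PubkeyAcceptedKeyTypes and related options. The following is an added example, not part of the original messages and not libssh or OpenSSH code: a small checker that reports where a client configuration re-enables ssh-dss and whether that is limited to a named legacy host. The host name and sample configuration are constructed, and only the `ssh_config` keywords PubkeyAcceptedKeyTypes and HostKeyAlgorithms are assumed to matter.

```python
import re

# OpenSSH client options that decide which key types may be used or accepted.
KEY_OPTIONS = {"pubkeyacceptedkeytypes", "hostkeyalgorithms"}

def dss_enabled_scopes(config_text):
    """Return (scope, option) pairs where ssh-dss is switched back on."""
    scope, found = "(global)", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword in ("host", "match"):
            scope = f"{parts[0]} {value}"  # options below apply to this block
        elif keyword in KEY_OPTIONS and not value.startswith("-"):
            # "+" appends to the defaults, "^" (newer releases) prepends;
            # a leading "-" removes algorithms and is skipped above.
            names = [n.strip() for n in value.lstrip("+^").split(",")]
            if "ssh-dss" in names:
                found.append((scope, parts[0]))
    return found

def is_broad(scope):
    """True when the setting applies to every host, not a named legacy one."""
    return scope == "(global)" or scope.split()[1:] == ["*"]

# Constructed sample configuration; the host name is a placeholder.
SAMPLE = """\
# constructed sample, not taken from the thread
Host rhel5-xen.example
    HostKeyAlgorithms +ssh-dss
    PubkeyAcceptedKeyTypes +ssh-dss

Host *
    PubkeyAcceptedKeyTypes=+ssh-dss,ssh-rsa
    HostKeyAlgorithms -ssh-dss
"""

if __name__ == "__main__":
    for scope, option in dss_enabled_scopes(SAMPLE):
        flag = "TOO BROAD" if is_broad(scope) else "scoped"
        print(f"{flag:9} {option} enables ssh-dss under: {scope}")
```

Keeping the legacy algorithm inside a `Host` block for the old machine leaves every other connection on the defaults.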
