[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Removing DSS and other unreasonable algorithms (Was: Missing signed-off for pkg chacha20 patches)


On Tuesday, 19 June 2018 16:35:49 CEST Jakub Jelen wrote:
> On Thu, 2018-06-14 at 16:03 +0200, Andreas Schneider wrote:
> > [...]
> > 
> > Looks like openssh removed support for ssh-dss. At least my openssh
> > 7.7
> > doesn't know about it at all.
> 
> The OpenSSH 7.7p1 still has the support for ssh-dss keys, but they are
> disabled by default for any use, unless you enable them using
> PubkeyAcceptedKeyTypes and friend configuration options. The reason why
> it is still there is probably because the DSA keys are mandatory part
> (REQUIRED) of RFC4253 (Section 6.6).
> 
> > I would remove it from libssh after the release of 0.8 together with
> > SSHv1
> > support.
> > 
> > I think we can remove it from pkd already? Comments?
> 
> Removing the ancient SSHv1, blowfish and other unreasonable algorithms
> makes sense for me.

SSHv1 will be removed, the algorithms will not be compiled in by default but 
still available.

This should not affect connecting to RHEL5 as it support and uses rsa keys by 
default.


	Andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx



Archive administrator: postmaster@lists.cynapses.org