Legacy option for key length?

Stuart Henderson stu at spacehopper.org
Sat Dec 30 01:26:31 AEDT 2017


On 2017-12-29, Dan Mahoney (Gushi) <danm at prime.gushi.org> wrote:
> I occasionally manage some APC PDU devices.  I manage them via a VPN, 
> which enforces super-heavy crypto, and their access is restricted to only 
> jumphosts and the VPN.  Basically, the only time you need to log into 
> these is when you go to reboot something that's down.
> 
> Their web UI with SSL doesn't work with modern browsers.
> Their CPU is...tiny, and their SSHd implementation is...old (and, I 
> believe, proprietary).
>
> I think it defaults to RSA768, and even then, takes a good 15 seconds to 
> let you log in.

I have some of these too. I used an old browser to connect to the web interface,
turned off SSH and switched to using telnet from the jumphost instead. Given how
crappy SSH is on these even when short keys were allowed, this was overall a big
improvement.

> I googled around for the release note and the source code commit that had 
> produced this, and then tried looking for workarounds here: 
> https://www.openssh.com/legacy.html

The only workarounds are to recompile or use different software to connect.




More information about the openssh-unix-dev mailing list