Legacy option for key length?

Peter Moody mindrot at hda3.com
Sun Dec 31 14:22:00 AEDT 2017


> By making it impossible for people to use SSH

nb, it's not impossible to use openssh. it might not be possible to use
a *modern* openssh client to connect to an old, unpatched, unmaintained
(by the vendor) sshd. i'd argue that's not the client's fault.

> you are forcing people to use
> less secure software; telnet because they can't use ssh;

alternative interpretation. i'm less likely to buy from a vendor who
has a history of not keeping their software patched. if everyone else
is similarly inclined, vendors will quickly take note.

> old, buggy versions
> of ssh because that's what they had to install so that they could connect to
> their industrial equipment.

I'd personally be more worried about the buggy sshd to which I'm connecting.

maintaining old code isn't free. if you need the old options, ssh1
support, whatever, you should bear the cost of that yourself (by
keeping an old copy around, or compiling it yourself when you need
it). that cost shouldn't be borne by the openssh developers and not
the rest of the community.


