Legacy option for key length?
Gert Doering
gert at greenie.muc.de
Tue Jan 2 03:48:30 AEDT 2018
Hi,
On Mon, Jan 01, 2018 at 07:52:26AM -0800, Peter Moody wrote:
> I would prefer that:
>
> * commercial vendors patched the software they sold
> * people who purchased from these vendors to take responsibility for
> their actions and apply pressure on the commercial vendors rather than
> the free software developers who provide the client software, for
> free.
You *are* aware what people are talking about? Like, management cards
for UPSes and such, where the important part is "will that UPS provide
reliable power for a reasonable price", a secondary question is "can I
monitor that thing in a reasonable way?", and a very very very minor
influencing factor is "will the management card do SNMPv3, or SSH with
2048 bit RSA key size"?
Your extreme point of view is just unrealistic for such devices and
vendors.
> and I'm not sure what your bugaboo is about a fractured user base; at
> any given time there are probably hundreds of different versions of
> openssh being distributed due to different os's, distros, etc.
>
> by the way, do you not see that every one of your arguments about the
> openssh client can be applied, almost verbatim, to the vendor supplied
> sshd? with the obvious exception that one is supplied by a commercial
> vendor.
Like, "making updates, and all of a sudden, working setups stop working"?
I *have* seen this, and usually because the vendor imported a newer version
of OpenSSH, which broke existing functionality :-) (like, Fortigate, which
all of a sudden did not authenticate users with DSA keys anymore, and no
mentioning of it in the release notes...).
gert
--
now what should I write here...
Gert Doering - Munich, Germany gert at greenie.muc.de