Legacy option for key length?

Michael Ströder michael at stroeder.com
Tue Jan 2 03:59:55 AEDT 2018


Gert Doering wrote:
> On Mon, Jan 01, 2018 at 07:52:26AM -0800, Peter Moody wrote:
>> I would prefer that:
>>
>>  * commercial vendors patched the software they sold
>>  * people who purchased from these vendors to take responsibility for
>> their actions and apply pressure on the commercial vendors rather than
>> the free software developers who provide the client software, for
>> free.
> 
> You *are* aware what people are talking about?  Like, management cards
> for UPSes and such, where the important part is "will that UPS provide
> reliable power for a reasonable price", a secondary question is "can I
> monitor that thing in a reasonable way?", and a very very very minor
> influencing factor is "will the management card do SNMPv3, or SSH with o
> 2048 bit RSA key size"?

And another important question is:
How high is the risk that this unmaintained device is added to
yet-another-bot-net in the Internet-of-shitty-devices or is used to
enter parts of your network?

If you run such devices you have to do your homework. Part of this is to
set up secured admin gateways where you can run whatever customized SSH
client you need to accommodate these moldy devices. It might turn out that
it's cheaper to buy new devices though.

Ciao, Michael.



More information about the openssh-unix-dev mailing list