OpenSSH support for FIDO RSA keys

Peter Moody mindrot at
Mon Aug 30 14:23:26 AEST 2021

> > A lot of equipment, perfectly good equipment, expensive equipment, but
> > old equipment requires it.  Most of it is behind a security appliance so
> > there's no real risk is negligible if indeed it's not actually zero.
> >
> > Removing DSS removes management access to the equipment and the only
> > reason is a pedantic complaint that DSS is trivially broken.
> >
> > Please don't break equipment over well-meaning pedantry.
> I bet this (once) expensive equipment still supports telnet, so
> nothing is being broken.

even if it doesn't, the idea that someone would assume support of this
equipment is the responsibility of the openssh maintainers, rather
than the _vendor_, blows my mind.

save a statically linked copy of openssh that supports your old
crypto, problem solved.

More information about the openssh-unix-dev mailing list