OpenSSH support for FIDO RSA keys
Peter Moody
mindrot at hda3.com
Mon Aug 30 14:23:26 AEST 2021
> > A lot of equipment, perfectly good equipment, expensive equipment, but
> > old equipment requires it. Most of it is behind a security appliance so
> > there's no real risk is negligible if indeed it's not actually zero.
> >
> > Removing DSS removes management access to the equipment and the only
> > reason is a pedantic complaint that DSS is trivially broken.
> >
> > Please don't break equipment over well-meaning pedantry.
>
> I bet this (once) expensive equipment still supports telnet, so
> nothing is being broken.
even if it doesn't, the idea that someone would assume support of this
equipment is the responsibility of the openssh maintainers, rather
than the _vendor_, blows my mind.
save a statically linked copy of openssh that supports your old
crypto, problem solved.
More information about the openssh-unix-dev
mailing list