planning for deprecations
mike tancsa
mike at sentex.net
Thu Oct 14 22:26:04 AEDT 2021
Hi,
I have a few servers where a lot of different client implementation
connect and I want to proactively see who will break as certain key
exchange protocols and ciphers get deprecated (e.g. rsa-sha1). One
thing that would be helpful, and perhaps this could be changed going
forward is setting the loglevel to verbose from debug ? e.g. something
like this would make planning / migration a little easier for admins
without having to go full debug level, which brings in a lot more data
than necessary. (diff is from FreeBSD's RELENG_12 copy, but the idea is
the same)
--- crypto/openssh/kex.c.prev 2021-10-14 06:50:53.862633000 -0400
+++ crypto/openssh/kex.c 2021-10-14 06:51:20.902653000 -0400
@@ -761,7 +761,7 @@
k->name = match_list(client, server, NULL);
- debug("kex: algorithm: %s", k->name ? k->name : "(no match)");
+ verbose("kex: algorithm: %s", k->name ? k->name : "(no match)");
if (k->name == NULL)
return SSH_ERR_NO_KEX_ALG_MATCH;
if ((kexalg = kex_alg_by_name(k->name)) == NULL)
@@ -777,7 +777,7 @@
{
k->hostkey_alg = match_list(client, server, NULL);
- debug("kex: host key algorithm: %s",
+ verbose("kex: host key algorithm: %s",
k->hostkey_alg ? k->hostkey_alg : "(no match)");
if (k->hostkey_alg == NULL)
return SSH_ERR_NO_HOSTKEY_ALG_MATCH;
@@ -892,7 +892,7 @@
peer[ncomp] = NULL;
goto out;
}
- debug("kex: %s cipher: %s MAC: %s compression: %s",
+ verbose("kex: %s cipher: %s MAC: %s compression: %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
authlen == 0 ? newkeys->mac.name : "<implicit>",
---Mike
More information about the openssh-unix-dev
mailing list