Legacy Options

Dan Mahoney (Gushi) danm at prime.gushi.org
Thu Mar 30 12:28:45 AEDT 2023

Hey there all,

I'm mentioning this as a "dev" issue because it's "Docs and Website", not 
as a general "usage" question.

A few years back, I started a thread about RSA768 not being available in 
SSH client any more, because I had lost access to my APC power strips 
(which are on a NAT'd network, inside a data center, as a result).  I 
argued that "look, I know what I'm doing, I know this is safe, please 
don't make me recompile the binary, or worse, run an old version of 
openssh to do what I need".  I was shut down.  Sorry for the thread war.

Anyway, a friend is using MacOS ventura, where either a builtin on the 
part of openssh *or* a decision of the people who are bundling it has 
caused them to hit an error like "no mutual signature algorithm".

Here's my simple ask:

There's a page here: https://www.openssh.com/legacy.html

It's one of the first things you get when you google for the error 
messages you get.

As SSH and crypto in general is a moving target, Could that page please be 
expanded to list (or point to another page) the options that are no longer 
overrideable, and the errors one might hit?  And perhaps, in what version 
of openssh?

I.e. ssh1 support, rsa768, DSS key algorithms, etc...and the errors you 
might get for those?  To help people figure out "Okay, I can set a knob in 
my config file and work with this for a little bit longer" or "No, there's 
no option BUT upgrading (or running an old version)".



--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
FB:  fb.com/DanielMahoneyIV
LI:   linkedin.com/in/gushi
Site:  http://www.gushi.org

More information about the openssh-unix-dev mailing list