OpenSSH support for FIDO RSA keys
David Newall
openssh at davidnewall.com
Mon Aug 30 12:13:57 AEST 2021
On 28/8/21 2:57 am, Peter Stuge wrote:
> Damien Miller wrote:
>> I'm expecting a big fight when I eventually push to remove ssh-dss,
> FWIW I think that's long overdue, and understand your worry.
I, too, understand your worry, but I also understand why there will be a
lot of pushback against removing it.
A lot of equipment, perfectly good equipment, expensive equipment, but
old equipment requires it. Most of it is behind a security appliance so
there's no real risk is negligible if indeed it's not actually zero.
Removing DSS removes management access to the equipment and the only
reason is a pedantic complaint that DSS is trivially broken.
Please don't break equipment over well-meaning pedantry.
More information about the openssh-unix-dev
mailing list