OpenSSH support for FIDO RSA keys

Peter Moody mindrot at hda3.com
Tue Aug 31 01:45:05 AEST 2021


> That will take effort and I bet leaving them in the code will take none.

neither you nor I are maintainers of openssh, but with unit tests and
configure options, this strikes me as a weird assumption to make.

look, this comes up every time openssh removes support for some
horribly broken crypto. "you're making my devices inaccessible, how
could you!?" and the answer is always the same,

 1. you're free to maintain a copy of the ssh client that supports
your old devices.
 2. you should be complaining to your hardware vendor, to whom you
pay/paid actual money.

as a thought experiment, imagine asking the chrome devs to keep
supporting ssl v3 because some commercial appliance you run hasn't
been updated in a decade.

/rant


More information about the openssh-unix-dev mailing list