Disabling Dropbear ssh-rsa support?
Stefan Kalscheuer
stefan at stklcode.de
Fri Jul 4 08:13:28 PDT 2025
Hi Paul,
> At the current state, the patch also disables `ssh-rsa` support, [...]
To clarify, this does not remove RSA support, but only the legacy
RSA-SHA1 algorithm. "rsa-sha2-256" is still present in the proposed
default configuration.
> Any opinions on how to move forward?
Since "ssh-rsa" has been deprecated in various implementations (e.g.,
OpenSSH 8.2 in 02/2020 [1], and disabled by default in 8.8 in 09/2021
[2]), most users should (hopefully) be aware of it by now and likely
won't notice any difference with any semi-modern client.
(Has anyone using OpenSSH instead of Dropbear ever missed it?)
I would vote for disabling it in Dropbear by default, at least in "main"
for the next release.
Slight personal preference to do this also in case of a 24.10 backport,
but that's a different discussion that may be postponed until after some
feedback.
Cheers,
Stefan
[1] https://www.openssh.com/txt/release-8.2
[2] https://www.openssh.com/txt/release-8.8
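Added example, not part of the original message or of the Dropbear/OpenWrt code: a small parser for the SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) that reports whether a peer still offers the RSA-SHA1 signature algorithm "ssh-rsa" and whether RSA host keys stay usable through "rsa-sha2-256"/"rsa-sha2-512". The function names and the sample algorithm lists are constructed for illustration and are not Dropbear's actual defaults.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")


def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (no packet framing) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}          # skip message type byte + 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError(f"truncated inside {field}")
        raw = payload[pos:pos + n].decode("ascii")
        out[field] = raw.split(",") if raw else []
        pos += n
    return out


def rsa_hostkey_report(payload: bytes) -> dict:
    """Report which RSA signature algorithms a peer offers for host keys."""
    algs = parse_kexinit(payload)["server_host_key_algorithms"]
    sha2 = [a for a in algs if a in ("rsa-sha2-256", "rsa-sha2-512")]
    return {"offers_rsa_sha1": "ssh-rsa" in algs, "rsa_sha2": sha2,
            "rsa_usable_without_sha1": bool(sha2)}


def build_kexinit(hostkey_algs):
    """Build a constructed sample payload; only the host key list varies."""
    lists = [["curve25519-sha256"], hostkey_algs, ["aes128-ctr"], ["aes128-ctr"],
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(l).encode("ascii") for l in lists))
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)


if __name__ == "__main__":
    # Constructed lists: one still offering ssh-rsa, one without it.
    print(rsa_hostkey_report(build_kexinit(["ssh-ed25519", "rsa-sha2-256", "ssh-rsa"])))
    print(rsa_hostkey_report(build_kexinit(["ssh-ed25519", "rsa-sha2-256"])))
```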