Disabling Dropbear ssh-rsa support?
Thibaut
hacks at slashdirt.org
Fri Jul 4 09:33:01 PDT 2025
Hi,
> Le 4 juil. 2025 à 17:13, Stefan Kalscheuer via openwrt-devel <openwrt-devel at lists.openwrt.org> a écrit :
>
> Slight personal preference to do this also in case of a 24.10 backport, but that's a different discussion that may be postponed until after some feedback.
Please don’t. This type of backward-incompatible change should never be backported (unless it’s the only way to fix a CVE).
Also does this affect the ssh client as well? This may be more relevant than the server side of things: a lot old(er) SSH server implementations only offer rsa-sha1 (e.g. off the top of my head, HP iLO 4), so users may lose the ability to connect there: this should be advertised.
My 2c,
T
More information about the openwrt-devel
mailing list