Disabling Dropbear ssh-rsa support?
Tim Small
tim at seoss.co.uk
Fri Jul 4 15:08:54 PDT 2025
On 04/07/2025 17:33, Thibaut wrote:
> Also does this affect the ssh client as well? This may be more relevant than the server side of things: a lot old(er) SSH server implementations only offer rsa-sha1 (e.g. off the top of my head, HP iLO 4), so users may lose the ability to connect there: this should be advertised.
I don't know if the proposed change would impact the dropbear ssh client
either, but if it does, then a straightforward workaround to access such
outdated ssh servers via an OpenWrt device, would be to use e.g. OpenSSH
on the users desktop to connect through the OpenWrt device using the
OpenSSH "jump host" feature:
user at laptop:~$ ssh admin at oldthing -J root at openwrtdevice.elsewhere
...which is probably what most users would (or at least should) be doing
already?
For those that don't / can't use jumphost, they could always install the
openssh-client package directly on the OpenWrt device instead?
Tim.
More information about the openwrt-devel
mailing list