Disabling Dropbear ssh-rsa support?

Henrique de Moraes Holschuh henrique at nic.br
Mon Jul 7 04:50:17 PDT 2025


On 05/07/2025 04:15, Bjørn Mork via openwrt-devel wrote:
> To mitigate this problem, the original message has been wrapped
> automatically by the mailing list software.

When you deprecate RSA-SHA1, the RSA keys are still just as valid as 
they were before.  The session will have to use something like 
RSA-SHA2-256, though.

OTOH, should you blacklist RSA keys < 2048 bits, then yes, it could 
result in one getting locked out.   Mind you, it is not just the 
authorized keys, you also need to ensure the host keys are large enough.

-- 
Henrique de Moraes Holschuh
Project Analyst
Centro de Estudos e Pesquisas em Tecnologias de Redes e Operações 
(Ceptro.br)
+55 11 5509-3537 R.:4023
INOC 22548*625
www.nic.br
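
The key-size audit the message above implies, as an added example that is not part of the original e-mail and not Dropbear or OpenWrt code: it reads the modulus length out of `ssh-rsa` public key lines and reports those under 2048 bits. The function names and the sample lines are assumptions constructed for illustration; the sample moduli are not usable keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # threshold named in the message above

def read_string(buf, off):
    """RFC 4251 string: uint32 length followed by that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def rsa_bits(line):
    """Modulus size in bits for one public key line, or None if not RSA."""
    fields = line.split()
    # The key type stays "ssh-rsa" whichever signature algorithm is negotiated.
    if line.lstrip().startswith("#") or "ssh-rsa" not in fields[:-1]:
        return None  # comment, blank line, non-RSA key, or no blob present
    idx = fields.index("ssh-rsa")  # authorized_keys options may come first
    blob = base64.b64decode(fields[idx + 1])
    ktype, off = read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type mismatch inside blob")
    _e, off = read_string(blob, off)  # public exponent
    n, _ = read_string(blob, off)     # modulus, mpint with optional leading 0
    return int.from_bytes(n, "big").bit_length()

def weak_rsa_keys(lines, min_bits=MIN_RSA_BITS):
    """Return (line_number, bits) for each RSA key smaller than min_bits."""
    sized = ((no, rsa_bits(l)) for no, l in enumerate(lines, 1))
    return [(no, b) for no, b in sized if b is not None and b < min_bits]

def sample_line(bits, comment):
    """Constructed sample: well-formed ssh-rsa line, modulus of given size."""
    def s(b): return struct.pack(">I", len(b)) + b
    def mp(v): return s(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = s(b"ssh-rsa") + mp(65537) + mp((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

# Constructed authorized_keys content, not taken from any real system.
SAMPLE = [
    "# admin keys",
    sample_line(1024, "old-laptop"),
    "no-port-forwarding " + sample_line(2048, "backup"),
    "ssh-ed25519 AAAAplaceholder constructed",
]

print(weak_rsa_keys(SAMPLE))
```

The same function applies to a host key's public line, which covers the second half of the check the message mentions.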


