Can someone running a more recent build confirm? I will open a ticket if so. Here is a link to a simple python script that probes ssh vulnerabilities: https://github.com/jtesta/ssh-audit
From what I understand, ed25519 is fast, secure, and has a small footprint. RSA has to be 4096 bit length to be secure. I think all mine are SHA256. This is the reason why a reset to defaults is advised every so often, to regenerate the key on the router. Always a good idea to refresh it regularly, as much of a pain in the ass as it is. BUT, we probably could get away with going with ed25519 and save a lot of space and headache, perhaps?
Joined: 08 May 2018 Posts: 14248 Location: Texas, USA
Posted: Tue Aug 20, 2019 23:53 Post subject:
I saw something in the defaults.h referring to curve25519, and I guess I presumed it was related somehow. Dropbear is definitely 'light'. I guess I am just used to openssh. I'm curious as to whether or not there is going to be a shift to LibreSSL from OpenSSL here.
Joined: 08 May 2018 Posts: 14248 Location: Texas, USA
Posted: Sat Dec 21, 2019 0:24 Post subject:
FYI, the change to remove Group14 SHA1 was reverted and Group1 SHA1 was disabled instead, because it conflicts with winSCP when GROUP1 SHA1 is disabled, which should have been the original request here, but someone apparently got confused.
Changed in current release (50906):
Support newer SSH key types? _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio