void: > +1 to this. Just the client. Maybe call it openssh-vuln? > > I can appreciate it being removed in base, in server. But there's > lots of otherwise-working gear around that only uses > ssh-dss or ssh-rsa. We only need the client.
ssh-rsa, i.e. RSA keys with a signature algorithm that uses SHA-1, is still supported in the latest OpenSSH, even if disabled by default. -- Christian "naddy" Weisgerber na...@mips.inka.de
