Hi,

On Tue, Dec 25, 2018 at 11:22:09AM +0100, Job Snijders wrote:
> Already today Junos ships with an OpenSSH client (and server).

Yes, and it's an annoyance if you swap a device, replace the backed-up
config, which does not contain the SSH host keys (so your SSH sessions break
with "KEY CHANGED! INSECURE!"). Now on JunOS it's actually possible
to get out and back up the SSH host keys (if slightly annoying) - other
platforms are worse.
> I'm not
> too worried 'heaps of crypto' will be added if the SSH path is picked.
I'm not so much worried about the code overhead but about crypto-associated
silliness. "Your perfectly-working setup will now stop working because
some crypto bit decided that it is considered insecure now, so it MUST
NOT BE ALLOWED to go on".
SSH is a prime example of that - you upgrade something, and then you
start adding things like "HostKeyAlgorithms +ssh-dss" all over the place
because previously-working scripts are falling apart.
And, see above, for SSH host keys...
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
_______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp

