2017-11-03 5:06 GMT+01:00 Jacob Leifman <jacob.leif...@weymouthschools.org>:
> I was finally able to bring our OpenBSD based Network Management System up
> to the current OS release (it was a couple of years out of date) but this
> process broke access to a large number of older HP switches on our network.
>
> But this breaks the use of SSH client leaving little recourse other
> than perhaps telnet with NO encryption instead of somewhat weak encryption,
> as the "server" is outside of our control. (I already checked that we have
> the latest firmware, less than one year old.)
>
> Is this an oversight or is there a particular logic to intentionally
> breaking compatibility with a not-insignificant base of installed
> equipment?
>

If your vendor, even with a <1y firmware, still can only handle old and deprecated key sizes, you should not ask for everyone else's ssh to become worse, but rather push the vendor to get up to speed, and since that will not work, you will have to resort to building an older ssh and using that instead of the safer one that comes with the modern OS you upgraded to.

Same goes for browsers and https: the bad parts of SSL/TLS get weeded out in browsers so that the majority of users are safe, not kept to cater to the lowest common denominator of the laziest vendor still alive.

You should be asking HP how come they can't keep the free sshd code updated, if security is your prime concern, not ask openbsd to lower everyone else's security.

--
May the most significant bit of your life be positive.