On 1/22/2016 1:56 PM, Dag-Erling Smørgrav wrote: > Bryan Drewery <[email protected]> writes: >> I've used these in sshd_config and ssh_config to restore some removed >> functionality: >> >> Ciphers +blowfish-cbc,arcfour,aes128-cbc,3des-cbc >> KexAlgorithms +diffie-hellman-group1-sha1 > > Do you actually need these? Do you know of any clients or servers which > do not support any of the other ciphers and key exchange algorithms > which OpenSSH offers? > >> PubkeyAcceptedKeyTypes +ssh-dss,[email protected] >> HostkeyAlgorithms +ssh-dss,[email protected] > > These are already enabled. >
Right. I was suggesting an alternative method to modifying these upstream files and providing deprecated and potentially insecure functionality by default. -- Regards, Bryan Drewery
signature.asc
Description: OpenPGP digital signature
