On 07/08/16 12:43, Oliver Pinter wrote:
I was able to override this (somewhat unilateral, to my mind)
deprecation of the DH key exchange by using this option:
-oKexAlgorithms=+diffie-hellman-group1-sha1
You can add this option to /etc/ssh/ssh.conf or ~/.ssh/config too.

Can this at least be added (commented out, if you really want to enforce
this policy on users out-of-the-box) to the former file in FreeBSD
itself? And a note added to UPDATING?

Otherwise, it's almost as though those behind the change are assuming
that users will just know exactly what to do in their operational
situation. That's a good way to cause problems for folk using FreeBSD in
IT operations.

(systemd epitomises this kind of foot shooting.)

I understand already - you want to deprecate a set of key exchanges, and
believe in setting an example - but the rest of the world might not be
ready for that just yet.
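
The override discussed in this thread, written as a client configuration fragment. This is an added example, not part of the original messages or of FreeBSD's shipped configuration. The host alias `legacy-switch` and the address `192.0.2.10` are constructed placeholders. It contrasts enabling the deprecated exchange for every host with scoping it to the one device that still needs it.

```sshconfig
# ~/.ssh/config (per-user), or the system-wide ssh_config(5) file.
# Constructed example: "legacy-switch" and 192.0.2.10 are placeholders.

# Broad form: every outgoing connection may negotiate group1-sha1 again.
# Left commented out; shown only for contrast with the scoped form.
# Host *
#     KexAlgorithms +diffie-hellman-group1-sha1

# Scoped form: only the named legacy device gets the deprecated exchange.
# The leading "+" appends to the default list instead of replacing it,
# so stronger algorithms are still preferred when the peer offers them.
Host legacy-switch
    HostName 192.0.2.10
    KexAlgorithms +diffie-hellman-group1-sha1
```

Running `ssh -G legacy-switch` prints the effective client options for that host, which shows whether the override applies where intended and nowhere else.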