Alexandre Oliva via cfarm-users wrote:
I had some trouble accessing gcc210 and gcc211, because openssh on my
end wouldn't allow ssh-rsa host and authorized keys any more.  I've
(insecurely) sorted that out with:

  PubkeyAcceptedKeyTypes +ssh-rsa
  HostKeyAlgorithms +ssh-rsa

in the host-specific part of .ssh/config, so the most immediate issue is
solved.

This is a pet peeve of mine: unless you have a citation for an actual viable attack on RSA as used in SSH, or perhaps on the protocol SSH uses for RSA-based authentication, this is *not* insecure at all and those changed defaults indicate that either OpenSSH or your distribution is doing something stupid.

I will also note that, in light of Snowden's whistleblowing, particularly the efforts to weaken cryptographic standards, I find the continued campaign against RSA in favor of elliptic curve systems at least mildly suspicious. While I do not have knowledge of an actual viable attack on any of the elliptic curve schemes, I do find the promise of equivalent security with vastly shorter keys uncomfortably close to a "something for nothing" promise.


-- Jacob
_______________________________________________
cfarm-users mailing list
cfarm-users@lists.tetaneutral.net
https://lists.tetaneutral.net/listinfo/cfarm-users
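An added example, not part of the original message or of any cfarm documentation: a small Python check that reports where an ssh_config re-enables ssh-rsa and whether each occurrence is confined to a host-specific block, as the quoted workaround is. The sample configuration is constructed; its gcc210 and gcc211 host patterns follow the names in the message, and `audit` and `enables_ssh_rsa` are names chosen for this example.

```python
import re

# OpenSSH 8.5 renamed PubkeyAcceptedKeyTypes to PubkeyAcceptedAlgorithms; check both.
ALGO_KEYWORDS = {"pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms", "hostkeyalgorithms"}
# ssh_config accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
DIRECTIVE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample configuration (not taken from the thread).
SAMPLE = """\
# constructed sample
HostKeyAlgorithms +ssh-rsa

Host gcc210 gcc211
  PubkeyAcceptedKeyTypes +ssh-rsa
  HostKeyAlgorithms +ssh-rsa

Host *
  PubkeyAcceptedAlgorithms=+ssh-rsa
  HostKeyAlgorithms -ssh-rsa
"""

def enables_ssh_rsa(arg):
    """True if an algorithm list adds or sets ssh-rsa (a leading '-' removes instead)."""
    if arg.startswith("-"):
        return False
    return "ssh-rsa" in [name.strip() for name in arg.lstrip("+^").split(",")]

def audit(config_text):
    """Return (line, keyword, scope, applies_to_all_hosts) for each ssh-rsa re-enable."""
    findings = []
    scope, broad = "(global)", True  # directives before any Host/Match hit every host
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(raw.strip())
        if not m:  # blank line, comment, or keyword without an argument
            continue
        key, arg = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            scope = f"{key} {arg}"
            broad = (arg.lower() == "all") if key == "match" else ("*" in arg.split())
        elif key in ALGO_KEYWORDS and enables_ssh_rsa(arg):
            findings.append((lineno, m.group(1), scope, broad))
    return findings

if __name__ == "__main__":
    for lineno, keyword, scope, broad in audit(SAMPLE):
        reach = "applies to all hosts" if broad else "host-specific"
        print(f"line {lineno}: {keyword} re-enables ssh-rsa in [{scope}] ({reach})")
```
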
