2017-11-03 14:17 GMT+01:00 Jacob Leifman <jacob.leif...@weymouthschools.org> :
> On Fri, Nov 3, 2017 at 8:37 AM, Janne Johansson <icepic...@gmail.com> wrote:
>
>> 2017-11-03 5:06 GMT+01:00 Jacob Leifman <Jacob.Leifman@weymouthschools.org>:
>>
>>>
>>>
>> If your vendor, even with a <1y firmware still only can handle old and deprecated
>> keysizes, you should not ask for everyone else's sshs to become worse, but rather
>> push the vendor to get up to speed, and since that will not work, you will have to
>> resort to building older ssh and use that instead of the safer one that comes with
>> the modern OS you upgraded to.
>>
>>
> I am not asking to lower anyone else's security or for SSH to "become
> worse", I appreciate the default behavior being what it is. I am asking
> about a way to have an explicit compatibility mode -- even if we are
> successful at lobbying a behemoth like HP for an update, it will take time,
> probably a lot of time. Nor is a chronically underfunded public school
> district in the position to outright replace >$500K worth of switches that
> do their primary duties without fail. Not having some kind of compatibility
> mode, leaves me with choice of bad and worse. Typical K-12 management
> neither understands tech nor can afford to divert funds to "frivolous"
> upgrades. Their inevitable response is either "don't upgrade" or "choose
> another product", a product that will not have even the basic security
> level OpenBSD had say three years ago.
>

compat => https://www.openssh.com/openbsd.html
scroll to the bottom, get one of the old versions and compile that.

cost: $0
Probably same amount as HP paid to be able to have a deprecated sshd in their product.

--
May the most significant bit of your life be positive.

