On 1/22/2016 1:56 PM, Dag-Erling Smørgrav wrote:
> Bryan Drewery <bdrew...@freebsd.org> writes:
>> I've used these in sshd_config and ssh_config to restore some removed
>> functionality:
>>
>> Ciphers +blowfish-cbc,arcfour,aes128-cbc,3des-cbc
>> KexAlgorithms +diffie-hellman-group1-sha1
> 
> Do you actually need these?  Do you know of any clients or servers which
> do not support any of the other ciphers and key exchange algorithms
> which OpenSSH offers?
> 
>> PubkeyAcceptedKeyTypes +ssh-dss,ssh-dss-cert-...@openssh.com
>> HostkeyAlgorithms +ssh-dss,ssh-dss-cert-...@openssh.com
> 
> These are already enabled.
> 

Right. I was suggesting an alternative method to modifying these
upstream files and providing deprecated and potentially insecure
functionality by default.


-- 
Regards,
Bryan Drewery

Attachment: signature.asc
Description: OpenPGP digital signature
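
An added example, not part of the original message or of OpenSSH: a small audit that reports where a config file uses the "+" prefix (which appends to the default algorithm list rather than replacing it) to re-enable algorithms named in this thread. The watch list, the sample config and the host name legacy-switch.example are constructed assumptions.

```python
import re

# Watch list: algorithm names quoted in the thread (an assumption of this
# example, not an authoritative list of weak algorithms).
WATCHED = {"blowfish-cbc", "arcfour", "aes128-cbc", "3des-cbc",
           "diffie-hellman-group1-sha1", "ssh-dss"}
LIST_KEYWORDS = {"ciphers", "kexalgorithms", "pubkeyacceptedkeytypes",
                 "hostkeyalgorithms"}

# Constructed sample config, embedded so the example runs offline.
SAMPLE = """\
# constructed sample ssh_config
Ciphers +blowfish-cbc,arcfour,aes128-cbc,3des-cbc
KexAlgorithms=+diffie-hellman-group1-sha1
HostkeyAlgorithms ssh-ed25519

Host legacy-switch.example
    KexAlgorithms +diffie-hellman-group1-sha1
    PubkeyAcceptedKeyTypes +ssh-dss
"""

def audit(config_text):
    """Return (line_no, scope, keyword, watched_names) per '+' directive."""
    findings = []
    scope = "global"
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword in ("host", "match"):
            scope = f"{parts[0]} {value}"  # later lines apply to this block
            continue
        if keyword not in LIST_KEYWORDS or not value.startswith("+"):
            continue  # only '+' (append-to-defaults) lists are of interest
        hits = [n.strip() for n in value[1:].split(",") if n.strip() in WATCHED]
        if hits:
            findings.append((line_no, scope, parts[0], hits))
    return findings

if __name__ == "__main__":
    for line_no, scope, keyword, hits in audit(SAMPLE):
        print(f"line {line_no} [{scope}] {keyword}: +{','.join(hits)}")
```

Findings with scope "global" apply to every connection; those inside a Host or Match block apply only to the peers that block selects.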
