Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:

> I recently tried to ssh to a recently-installed Linux machine at work.
> Algorithm negotiation failed. On turning on verbosity, this turned out
> to be because, to edit the log down to relevant lines:
>
> remote banner string: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
> ...
> ssh: my algorithms:
> ...
> hk: ssh-rsa ssh-dss
> ...
> ssh: peer's algorithms (%=unrecognized, *=disabled):
> ...
> hk: %rsa-sha2-512 %rsa-sha2-256 %ecdsa-sha2-nistp256 %ssh-ed25519
>
> Looking at 4253, the only algorithm for this list I see as REQUIRED is
> ssh-dss (though ssh-rsa is RECOMMENDED). I've gone through the updates
> I can find to 4253 (6668, 8268, 8308, 8332, 8709, 8758, 9142) and I
> don't find anything removing ssh-dss from REQUIRED status.

RFC 9142 seems like the right document to deprecate ssh-dss, but it was
forgotten. If we were to update RFC 9142 now, I think it should be
modified as follows:

* MUST NOT ssh-dss
* MUST rsa-sha2-256
* MUST curve25519-sha256
* MUST ed25519-sha256

I think it makes sense to have at least two MUST algorithms for a
security protocol that are based on different mathematical properties.
RSA-SHA256 and 25519-sha256 seem like popular and proven algorithms.

/Simon
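The negotiation failure quoted above can be replayed offline from the verbose log. The following is an added example, not code from either poster: it parses the "my algorithms" / "peer's algorithms" sections, applies the RFC 4253 section 7.1 rule for picking a host-key algorithm (first name on the client's list that the server also offers), and reports which side is missing what. The log text is constructed from the lines quoted in the thread; the function names are the example's own.

```python
"""Replay SSH-2 host-key algorithm negotiation from a verbose ssh log."""
import re

# Constructed sample: the host-key lines quoted in the thread, with the
# usual "debugN: " prefix on some lines to show that it is tolerated.
SAMPLE_LOG = """\
debug1: remote banner string: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
debug2: ssh: my algorithms:
debug2: hk: ssh-rsa ssh-dss
debug2: ssh: peer's algorithms (%=unrecognized, *=disabled):
debug2: hk: %rsa-sha2-512 %rsa-sha2-256 %ecdsa-sha2-nistp256 %ssh-ed25519
"""

_PREFIX = re.compile(r"^debug\d+: ")
_SECTION = re.compile(r"^ssh: (my|peer's) algorithms")
_LIST = re.compile(r"^([\w ]+?): (.*)$")   # "<category>: name name ..."

def parse_algorithms(log_text):
    """Return {'my': {cat: [name, ...]}, 'peer': {cat: [(name, marker), ...]}}."""
    out = {"my": {}, "peer": {}}
    side = None
    for raw in log_text.splitlines():
        line = _PREFIX.sub("", raw)
        sec = _SECTION.match(line)
        if sec:
            side = "my" if sec.group(1) == "my" else "peer"
            continue
        m = _LIST.match(line)
        if side is None or not m:
            continue
        cat, names = m.group(1), m.group(2).split()
        if side == "my":
            out["my"][cat] = names
        else:
            # '%' = client does not implement it, '*' = disabled by client config
            out["peer"][cat] = [(n.lstrip("%*"), n[0] if n[0] in "%*" else "")
                                for n in names]
    return out

def negotiate(cat, algs):
    """RFC 4253 s7.1: first client-side name the server also offers, or None."""
    usable = {name for name, marker in algs["peer"].get(cat, []) if not marker}
    return next((n for n in algs["my"].get(cat, []) if n in usable), None)

def diagnose_hostkey(log_text):
    """Explain a host-key ('hk') negotiation outcome for a parsed log."""
    algs = parse_algorithms(log_text)
    mine = algs["my"].get("hk", [])
    peer = [name for name, _ in algs["peer"].get("hk", [])]
    return {
        "chosen": negotiate("hk", algs),
        "client_only": [n for n in mine if n not in peer],
        "server_only": [n for n in peer if n not in mine],
        # RFC 4253 lists ssh-dss as REQUIRED; the thread asks whether any update removed it
        "server_offers_ssh_dss": "ssh-dss" in peer,
    }
```

For the quoted log the result is no common algorithm: the client offers only ssh-rsa and ssh-dss, while the server offers only rsa-sha2-* and ed25519/ECDSA names the client does not implement.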