On 02/01/18 11:38, Damien Miller wrote:
If you think this is overly parentalistic and that an experienced admin is the one best equipped to assess risk, then I'd direct said experienced admin to the the SSH_RSA_MINIMUM_MODULUS_SIZE definition in sshkey.h that they can adjust themselves.
It is overly paternalistic, to use your word, because it's saying that the user can't be trusted to not use a weak cipher in only those cases where that's the only cipher available. It's saying that the only acceptable access to said industrial equipment is no access.
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev