planning for deprecations

Hi,

    I have a few servers where a lot of different client implementations connect and I want to proactively see who will break as certain key exchange protocols and ciphers get deprecated (e.g. rsa-sha1).  One thing that would be helpful, and perhaps this could be changed going forward, is setting the loglevel to verbose from debug? E.g. something like this would make planning / migration a little easier for admins without having to go full debug level, which brings in a lot more data than necessary. (diff is from FreeBSD's RELENG_12 copy, but the idea is the same)

--- crypto/openssh/kex.c.prev   2021-10-14 06:50:53.862633000 -0400
+++ crypto/openssh/kex.c        2021-10-14 06:51:20.902653000 -0400
@@ -761,7 +761,7 @@

        k->name = match_list(client, server, NULL);

-       debug("kex: algorithm: %s", k->name ? k->name : "(no match)");
+       verbose("kex: algorithm: %s", k->name ? k->name : "(no match)");
        if (k->name == NULL)
                return SSH_ERR_NO_KEX_ALG_MATCH;
        if ((kexalg = kex_alg_by_name(k->name)) == NULL)
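Review bot: the promoted message at the `verbose("kex: algorithm: %s", ...)` line carries only the algorithm name, so a log reader cannot tell which client negotiated it without joining on other lines from the same session. For the migration use case described, consider adding a peer identifier to the format string if one is reachable at this point, or state in the commit message how this line is meant to be correlated with the connection it belongs to.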
@@ -777,7 +777,7 @@
 {
        k->hostkey_alg = match_list(client, server, NULL);

-       debug("kex: host key algorithm: %s",
+       verbose("kex: host key algorithm: %s",
            k->hostkey_alg ? k->hostkey_alg : "(no match)");
        if (k->hostkey_alg == NULL)
                return SSH_ERR_NO_HOSTKEY_ALG_MATCH;
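Review bot: the line changed here reports only the negotiated host key algorithm (`k->hostkey_alg`), so it will not show which signature algorithm a client uses for its own user key. Since the stated goal is to find clients that will break when rsa-sha1 goes away, the commit message should say that this hunk covers host key negotiation only, so admins do not read a clean log as proof that no client still depends on the deprecated algorithm.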
@@ -892,7 +892,7 @@
                        peer[ncomp] = NULL;
                        goto out;
                }
-               debug("kex: %s cipher: %s MAC: %s compression: %s",
+               verbose("kex: %s cipher: %s MAC: %s compression: %s",
                    ctos ? "client->server" : "server->client",
                    newkeys->enc.name,
                    authlen == 0 ? newkeys->mac.name : "<implicit>",
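Review bot: this message is emitted once per direction (the `ctos ? "client->server" : "server->client"` argument), so it adds at least two verbose lines per negotiation on top of the lines promoted in the earlier hunks. On a server with many clients that may be more volume than admins expect at verbose; consider folding both directions into a single line, or documenting the added volume alongside the change.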


    ---Mike


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



