Posted to dev@mina.apache.org by "Lyor Goldstein (Jira)" <ji...@apache.org> on 2020/08/01 08:15:00 UTC

[jira] [Resolved] (SSHD-1004) Disable weak security settings

     [ https://issues.apache.org/jira/browse/SSHD-1004?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lyor Goldstein resolved SSHD-1004.
----------------------------------
    Fix Version/s: 2.6.0
       Resolution: Fixed

*Note(s)*:

* {{SshServerMain}} generates an ECDSA key by default instead of an RSA one unless overridden from command line options
* {{ssh-rsa}} signature was left in place even though it is a SHA-1 based mechanism - this was done since RSA keys are still widely used. However, a special notice has been posted in the project's README stating that some future version will remove this support from the default setup and encouraging users to migrate to other keys (e.g., ECDSA, ED25519).

> Disable weak security settings
> ------------------------------
>
>                 Key: SSHD-1004
>                 URL: https://issues.apache.org/jira/browse/SSHD-1004
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.4.0
>            Reporter: Lyor Goldstein
>            Assignee: Lyor Goldstein
>            Priority: Major
>              Labels: ssh
>             Fix For: 2.6.0
>
>
> [OpenSSH to deprecate SHA-1 logins due to security risk|https://www.zdnet.com/article/openssh-to-deprecate-sha-1-logins-due-to-security-risk/]
> Including {{hmac-md5, hmac-ripemd160}} and also {{ssh-rsa}} and {{ssh-dss}} key exchanges. For the time being we will not include them by default but leave the code in place in case users still need them



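Added example, not part of the original message or of the MINA SSHD code base: a Python check that parses a server's SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and reports which of the algorithm names listed in this issue it still offers, for example to confirm what a deployment advertises after moving to 2.6.0. The function names and the sample payload are constructed for illustration; ssh-rsa is included because the note above says it is planned for removal from the default setup.

```python
import struct

# Names the issue above lists as weak (copied from the issue text).
WEAK = {"hmac-md5", "hmac-ripemd160", "ssh-rsa", "ssh-dss"}
# The ten name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ("kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c")
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload into {field: [algorithm names]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip 1 byte message type + 16 byte cookie
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists

def weak_offers(payload: bytes) -> dict:
    """Return {field: [weak names]} for each list that still offers one."""
    parsed = parse_kexinit(payload)
    hits = {f: [n for n in names if n in WEAK] for f, names in parsed.items()}
    return {f: h for f, h in hits.items() if h}

def build_kexinit(lists: dict) -> bytes:
    """Build a payload from name-lists (used only to construct the sample)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # type + all-zero cookie
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(names)) + names
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_follows, reserved

# Constructed sample: a server that still offers two of the weak names.
SAMPLE = build_kexinit({
    "kex_algorithms": ["curve25519-sha256"],
    "server_host_key_algorithms": ["ecdsa-sha2-nistp256", "ssh-rsa"],
    "mac_c2s": ["hmac-sha2-256", "hmac-md5"], "mac_s2c": ["hmac-sha2-256"],
})
```

Calling weak_offers(SAMPLE) reports ssh-rsa under server_host_key_algorithms and hmac-md5 under mac_c2s; an empty result means none of the four names is advertised.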