by hartmel
1233 days ago
Edit: my bad, +ssh-rsa refers to a signature algorithm using SHA1, which should not be used anymore. Target server host keys should be renewed, as riolu said; thanks to him for pointing it out. On Debian-like systems, remove the host keys and run dpkg-reconfigure openssh-server. On Red Hat-like systems, remove the host keys and restart sshd.

---------------------------------------------

Not vulnerable, not a bad practice. Newer algorithms are faster (in practice not perceptible, people usually don't need state of the art performance for SSH connections), with smaller keys and probably better algorithms (not subject to side channel attacks, which are still hard to abuse) but RSA is not broken. It may be in a few years with quantum computing but it's still far to be sure. https://www.schneier.com/blog/archives/2021/03/no-rsa-is-not... updated last December.

No need to rekey all accounts or servers, just switch to ecdsa or ed25519 progressively.
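An added example, not part of the comment above: a small audit that finds where an ssh_config or sshd_config still enables the SHA-1 ssh-rsa signature algorithm (for instance through a +ssh-rsa override), so those hosts can be moved to ecdsa or ed25519 progressively. The keyword names are OpenSSH's; the function name and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report config lines that enable the SHA-1 "ssh-rsa"
# signature algorithm. Exact names only; wildcard patterns are not expanded.

# Constructed sample config (hypothetical hosts, not from the original post).
SAMPLE_CONFIG='Host legacy-box
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa,ssh-ed25519
Host modern
    HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
    # HostKeyAlgorithms +ssh-rsa
Host removed
    pubkeyacceptedkeytypes=-ssh-rsa'

# find_sha1_rsa (hypothetical helper): reads a config on stdin and prints
# "<line number>: <keyword>" for each directive that enables ssh-rsa.
find_sha1_rsa() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next          # blank or comment
        if (match(line, /[ \t=]+/) == 0) next        # keyword without value
        key = tolower(substr(line, 1, RSTART - 1))   # keywords ignore case
        val = substr(line, RSTART + RLENGTH)
        if (key !~ /^(hostkeyalgorithms|pubkeyacceptedalgorithms|pubkeyacceptedkeytypes|hostbasedacceptedalgorithms|casignaturealgorithms)$/) next
        gsub(/[ \t"]/, "", val)
        if (substr(val, 1, 1) == "-") next           # "-" removes algorithms
        sub(/^[+^]/, "", val)                        # "+" appends, "^" prepends
        n = split(val, algs, ",")
        for (i = 1; i <= n; i++) {
            if (algs[i] == "ssh-rsa" || algs[i] == "ssh-rsa-cert-v01@openssh.com") {
                print NR ": " key
                break
            }
        }
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_CONFIG" | find_sha1_rsa
```

To audit a real file, feed it on stdin, for example `find_sha1_rsa < ~/.ssh/config`.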