Re: Heads-up: DSA key support being removed from OpenSSH
- In reply to: Brooks Davis : "Re: Heads-up: DSA key support being removed from OpenSSH"
Date: Fri, 11 Apr 2025 13:02:24 UTC
On 4/10/2025 10:23 PM, Brooks Davis wrote:
> On Thu, Apr 10, 2025 at 10:24:49PM +0000, Bjoern A. Zeeb wrote:
>> Is there any chance to keep an openssh (client) port (possibly with known
>> security risks)?
> It seems like it would be reasonable to keep a copy of the 9.8 client
> around more or less indefinitely. Ideally tracking whatever fixes the
> longest lived, open Linux LTS is applying.
>
> Similarly we have an openssl-unsafe for connecting to old gear.
>
> I may be mistaken, but I believe security/putty's upstream takes the
> maximum compatibility approach. If I'm correct, people may want to
> switch to it for these needs.
>
> For a security/openssh98 or similar we might want to do something

I for one GREATLY appreciate FreeBSD's commitment and thoughtfulness around POLA through the years, but I think this is a case where having a separate legacy DSA supporting ssh client is a reasonable path to take for those who need it (I include myself in that list). I think it makes maintaining OpenSSH a little less brittle through minimizing the divergence in code from upstream.

---Mike