SSH and FreeBSD-11

Matthew Seaman matthew at
Fri Mar 11 11:30:21 UTC 2016

On 03/11/16 10:01, Carmel wrote:
> On Fri, 11 Mar 2016 16:36:02 +0800, Jov stated:
>> > openssh in freebsd 11 will not generate dsa host key  any more,I
>> > have a pr about this.

> Thanks, I did not know it was a known issue. I had not read anything
> about it.

This site is quite instructive about where current SSH ciphers etc. have
known weaknesses:

DSA keys will have been deprecated because they only allow a 1024bit
modulus, and that's now known to be vulnerable to attack.  It takes
quite a well resourced attacker to do so right now, but Moore's law will
soon make that club a lot less exclusive.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-questions mailing list