Please add some future-proof hostkey algorithm(s) #747
Comments
Adding support for the new U2F/FIDO keys would also be great (ideally both through NFC and USB).
I've limited all my servers to modern crypto only. Believe it or not, but this inhibits many of the brute force attacks from the internet:
I can no longer connect via connectbot. The log says it is due to the host key algorithm: `ssh-ed25519`. I'm a little confused because this comment from @kruton seems to say that ssh-ed25519 should be supported since 2016. But my server reports that Connect Bot only offers
I understand that connectbot is very dependent on upstream. Can anyone shed some light on what's missing? Thanks!
Seconded
I just updated my server to OpenSSH 8.8, which contains the promised disablement, and I'm now getting the same failure to connect, with
Same here:
I think this is probably due to key rotation not being fully supported and
no UI for deleting the existing keys.
Try removing the entry for the host and recreating it. Or simply adding
another host (pointing at the same server) and trying to connect with that.
Note: This has a pending work-around in #1105, it just needs to be merged.
Agree.
This might become a more and more imminent issue in the not too distant future. With the recent openssh-8.2p1 release there's now the following release note:
So I tried to be proactive here and set this on all openssh servers I administer:
HostKeyAlgorithms [email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
But none of these algorithms are known by ConnectBot.
Please make at least one future-proof algorithm available in ConnectBot.
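The failure reported in this issue comes from SSH host key negotiation: per RFC 4253, the algorithm used is the first one on the client's `server_host_key_algorithms` list that the server also lists, and the connection fails when there is none. The sketch below is an added example, not code from this thread or from ConnectBot; it parses that list out of a KEXINIT payload and applies a simplified form of the rule to the server list from the issue. The two client offers are constructed for illustration and are not ConnectBot's actual lists.

```python
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253

def _name_list(names):
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def build_kexinit(host_key_algs):
    """Build a constructed KEXINIT payload; every list except the second is filler."""
    lists = [["curve25519-sha256"], host_key_algs] + [["none"]] * 8
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # type byte + 16-byte cookie
    payload += b"".join(_name_list(l) for l in lists)
    return payload + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_host_key_algs(payload):
    """Return server_host_key_algorithms, the second name-list in a KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, names = 17, []
    for _ in range(2):  # skip kex_algorithms, keep the host key list
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[off:off + n].decode("ascii")
        names = raw.split(",") if raw else []
        off += n
    return names

def negotiate(client_algs, server_algs):
    """First algorithm on the client's list that the server also lists, else None."""
    allowed = set(server_algs)
    return next((a for a in client_algs if a in allowed), None)

# Server list from the issue, minus the two entries the page shows only as "[email protected]".
SERVER = ["ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256",
          "ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256"]
# Constructed client offers for illustration, not ConnectBot's real lists.
LEGACY_CLIENT = ["ssh-rsa", "ssh-dss"]
MODERN_CLIENT = ["ssh-ed25519", "rsa-sha2-512", "ssh-rsa"]

if __name__ == "__main__":
    for label, offer in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        seen = parse_host_key_algs(build_kexinit(offer))
        print(label, "->", negotiate(seen, SERVER) or "no common host key algorithm")
```

Running the same comparison against the list a real client sends, before tightening `HostKeyAlgorithms` on a server, shows which clients would be locked out by the change.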