search for: parentalistic

...s if you need them, but RSA768 has actually been demonstrated to be broken with an academic team factoring a key back in 2009 at a work factor that is easily reachable by a medium botnet or cloud service. Adding a switch to turn these back on would be IMO irresponsible. If you think this is overly parentalistic and that an experienced admin is the one best equipped to assess risk, then I'd direct said experienced admin to the the SSH_RSA_MINIMUM_MODULUS_SIZE definition in sshkey.h that they can adjust themselves. -d

All, I occasionally manage some APC PDU devices. I manage them via a VPN, which enforces super-heavy crypto, and their access is restricted to only jumphosts and the VPN. Basically, the only time you need to log into these is when you go to reboot something that's down. Their web UI with SSL doesn't work with modern browsers. Their CPU is...tiny, and their SSHd implementation