dropbear (2022.83-1) unstable; urgency=medium

  Support for ssh-dss (DSA) host and user keys is disabled by default at
  compile-time.  Such keys are considered insecure as they are only 1024
  bits long and use the SHA-1 digest algorithm.  Note that OpenSSH
  disables support for such keys at run-time since 7.0/7.0p1.

 -- Guilhem Moulin  Mon, 14 Nov 2022 22:16:35 +0100

dropbear (2020.79-1) unstable; urgency=low

  dropbear 2020.79 includes a number of upstream changes that may affect
  existing configurations:

    * dropbear(8): X11 forwarding is disabled at compile time.

    * dbclient(1), dropbear(8): 3DES support, as well as any cipher using
      CBC mode, is disabled at compile time.  Note that these ciphers are
      also disabled - at run time - in OpenSSH's ssh(1) since 7.4 and 7.6
      respectively.  On the other hand ChaCha20/Poly1305 support was
      added, so the cipher proposal is now
      chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr, which should
      be compatible with OpenSSH's ssh(1) 3.7 or later.

    * dbclient(1), dropbear(8): hmac-sha1-96 support is disabled at
      compile time.  Note that this MAC (message authentication code)
      algorithm is also disabled - at run time - in OpenSSH's ssh(1)
      since 7.2.  The current MAC proposal is hmac-sha1,hmac-sha2-256,
      which should be compatible with any OpenSSH version up to the
      current one (8.3).  Moreover MACs are not used with authenticated
      ciphers such as ChaCha20/Poly1305.

    * Use getrandom() call to ensure sufficient entropy has been gathered
      at startup.  Tests suggest that this doesn't lead to entropy
      starvation, even at initramfs stage on a headless virtual machine
      without RNG device.  Please file a bug if that causes issues for
      you.

  Moreover this release adds support for ed25519 host and user keys.
  Like for other algorithms /etc/ssh/ssh_host_ed25519_key resp.
  /etc/dropbear-initramfs/dropbear_ed25519_host_key will only be created
  by the post-install script if no other host key file exists (for
  instance on a fresh installation).

 -- Guilhem Moulin  Tue, 16 Jun 2020 02:50:00 +0200
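
An added example, not part of the package or its documentation: a pre-upgrade audit that lists the ssh-dss user keys the 2022.83-1 entry above says are no longer accepted by default. It assumes files in OpenSSH authorized_keys format; the function names are hypothetical and the sample keys are constructed placeholders.

```python
import base64
import struct
import sys

DISABLED_TYPES = {"ssh-dss"}  # disabled by default per the 2022.83-1 entry

def blob_key_type(b64_blob):
    """Return the algorithm name encoded at the start of a public key blob."""
    try:
        raw = base64.b64decode(b64_blob, validate=True)
        (length,) = struct.unpack(">I", raw[:4])  # SSH string: uint32 length + bytes
        name = raw[4:4 + length]
        return name.decode("ascii") if len(name) == length else None
    except (ValueError, struct.error):
        return None

def find_disabled_keys(text):
    """Return (line_number, key_type, comment) for each key of a disabled type."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key, so find the first "<type> <blob>" pair
        # whose blob really encodes that type instead of trusting field order.
        for i in range(1, len(fields)):
            key_type = blob_key_type(fields[i])
            if key_type is not None and key_type == fields[i - 1]:
                if key_type in DISABLED_TYPES:
                    findings.append((lineno, key_type, " ".join(fields[i + 1:])))
                break
    return findings

def fake_blob(key_type):
    """Constructed placeholder blob: valid type header, zero bytes as key data."""
    name = key_type.encode("ascii")
    return base64.b64encode(struct.pack(">I", len(name)) + name + bytes(16)).decode()

SAMPLE = "\n".join([  # constructed sample input, not real keys
    "# constructed authorized_keys content",
    "ssh-ed25519 " + fake_blob("ssh-ed25519") + " alice@laptop",
    'command="/bin/true unlock",no-pty ssh-dss ' + fake_blob("ssh-dss") + " old-key",
    "ssh-rsa " + fake_blob("ssh-rsa") + " bob@desk",
])

if __name__ == "__main__":  # usage: python3 audit.py FILE...
    for path in sys.argv[1:]:
        for lineno, key_type, comment in find_disabled_keys(open(path).read()):
            print(f"{path}:{lineno}: {key_type} key ({comment})")
```

Host keys stored in dropbear's own key file format are not covered by this check.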