Thread: K4 USBNet - No Matching Key Exchange. Their offer: diffie-hellman-group1-sha1
View Single Post
Old 05-24-2024, 09:38 AM   #3
ratinox
Guru
ratinox ought to be getting tired of karma fortunes by now.ratinox ought to be getting tired of karma fortunes by now.ratinox ought to be getting tired of karma fortunes by now.ratinox ought to be getting tired of karma fortunes by now.ratinox ought to be getting tired of karma fortunes by now.ratinox ought to be getting tired of karma fortunes by now.ratinox ought to be getting tired of karma fortunes by now.ratinox ought to be getting tired of karma fortunes by now.ratinox ought to be getting tired of karma fortunes by now.ratinox ought to be getting tired of karma fortunes by now.ratinox ought to be getting tired of karma fortunes by now.
 
Posts: 800
Karma: 11053908
Join Date: Oct 2016
Location: Somewhere in Time
Device: Forma, iPad Mini
TL;DR: use RSA if you need portable keys, ED25519 otherwise.

Nit-pick, but the problem isn't RSA which is still secure for larger keys (2048 bit and 4096 bit). Anything smaller than 2048 bit is generally discouraged. ED25519 is preferred when available. At this time, ED25519 appears to be more secure and faster than RSA, though RSA is technically stronger given the larger key sizes.

The real problem here is DSA which has been deprecated and disabled by OpenSSH for almost a decade now due to its general weakness, and will be entirely removed from OpenSSH source code next year. You can read more here:
https://www.openssh.com/legacy.html

Note: your distribution maintainers may have taken steps to remove DSA in advance of the formal removal.
ratinox is offline   Reply With Quote