From e5e6b6c1b85ea28471468e659a5e8a4a69fbe6c2 Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Thu, 10 Nov 2022 14:29:08 +0800
Subject: [PATCH] Add DROPBEAR_RSA_SHA1 as a visible config option
---
 default_options.h | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/default_options.h b/default_options.h
index 6207f2e..1b5aede 100644
--- a/default_options.h
+++ b/default_options.h
@@ -131,6 +131,11 @@ IMPORTANT: Some options will require "make clean" after changes */
  *
  * See: RSA_PRIV_FILENAME and DSS_PRIV_FILENAME */
 #define DROPBEAR_RSA 1
+/* Newer SSH implementations use SHA256 for RSA signatures. SHA1
+ * support is required to communicate with some older implementations.
+ * It will be removed in future due to SHA1 insecurity, it can be
+ * disabled with DROPBEAR_RSA_SHA1 set to 0 */
+#define DROPBEAR_RSA_SHA1 1
 /* DSS may be necessary to connect to some systems but is not
  * recommended for new keys (1024 bits is small, and it uses SHA1).