
dropbear (2022.83-1) unstable; urgency=medium

  Support for ssh-dss (DSA) host and user keys is disabled by default at
  compile-time.  Such keys are considered insecure as they are only 1024
  bits long and use the SHA-1 digest algorithm.  Note that OpenSSH
  disables support for such keys at run-time since 7.0/7.0p1.

 -- Guilhem Moulin <guilhem@debian.org>  Mon, 14 Nov 2022 22:16:35 +0100

dropbear (2020.79-1) unstable; urgency=low

  dropbear 2020.79 includes a number of upstream changes that may affect
  existing configurations:

   * dropbear(8): X11 forwarding is disabled at compile time.

   * dbclient(1), dropbear(8): 3DES support, as well as any cipher using
     CBC mode, is disabled at compile time.  Note that these ciphers are
     also disabled - at run time - in OpenSSH's ssh(1) since 7.4 and 7.6
     respectively.

     On the other hand ChaCha20/Poly1305 support was added, so the cipher
     proposal is now chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,
     which should be compatible with OpenSSH's ssh(1) 3.7 or later.

   * dbclient(1), dropbear(8): hmac-sha1-96 support is disabled at
     compile time.  Note that this MAC (message authentication code)
     algorithm is also disabled - at run time - in OpenSSH's ssh(1) since
     7.2.  The current MAC proposal is hmac-sha1,hmac-sha2-256, which
     should be compatible with any OpenSSH version up to the current one
     (8.3).  Moreover MACs are not used with authenticated ciphers such
     as ChaCha20/Poly1305.

   * Use getrandom() call to ensure sufficient entropy has been gathered
     at startup.  Tests suggest that this doesn't lead to entropy
     starvation, even at initramfs stage on a headless virtual machine
     without RNG device.  Please file a bug if that causes issues for you.

  Moreover this release adds support for ed25519 host and user keys.
  Like for other algorithms /etc/ssh/ssh_host_ed25519_key resp.
  /etc/dropbear-initramfs/dropbear_ed25519_host_key will only be created
  by the post-install script if no other host key file exists (for
  instance on a fresh installation).

 -- Guilhem Moulin <guilhem@debian.org>  Tue, 16 Jun 2020 02:50:00 +0200
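
The following is an added example, not part of the Debian NEWS file or of dropbear: a pre-upgrade check that runs a peer's cipher and MAC proposals against the lists quoted in the 2020.79 entry, using the SSH rule that the first client algorithm the server also supports is chosen (RFC 4253, section 7.1). It models dropbear(8) as the server with one list per algorithm type; the function names and the peer proposals in the comments and test are constructed for illustration.

```python
# Added example: would a given SSH client still negotiate with dropbear 2020.79?
# Server proposals are copied from the NEWS entry; everything else is illustrative.

DROPBEAR_CIPHERS = ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes256-ctr"]
DROPBEAR_MACS = ["hmac-sha1", "hmac-sha2-256"]

# Authenticated ciphers carry their own integrity tag, so no MAC is used with them.
AEAD_CIPHERS = {"chacha20-poly1305@openssh.com"}


def pick(client_list, server_list):
    """Return the first client algorithm that the server also supports, or None."""
    for name in client_list:
        if name in server_list:
            return name
    return None


def is_removed(name):
    """True for algorithms the entry lists as disabled: 3DES, CBC mode, hmac-sha1-96."""
    return name.startswith("3des") or name.endswith("-cbc") or name == "hmac-sha1-96"


def negotiate(client_ciphers, client_macs):
    """Simulate cipher/MAC selection and report legacy algorithms the peer offers."""
    cipher = pick(client_ciphers, DROPBEAR_CIPHERS)
    if cipher is None:
        mac = None                      # no common cipher: the handshake fails
    elif cipher in AEAD_CIPHERS:
        mac = "none (AEAD)"             # MAC proposal is irrelevant here
    else:
        mac = pick(client_macs, DROPBEAR_MACS)
    return {
        "ok": cipher is not None and mac is not None,
        "cipher": cipher,
        "mac": mac,
        "legacy_offered": [n for n in client_ciphers + client_macs if is_removed(n)],
    }


if __name__ == "__main__":
    # Constructed peer proposals, not captured from real clients.
    peers = {
        "modern": (["chacha20-poly1305@openssh.com", "aes128-ctr"], ["hmac-sha2-256"]),
        "ctr-only": (["aes256-ctr", "aes128-ctr"], ["hmac-sha1-96", "hmac-sha1"]),
        "cbc-only": (["aes128-cbc", "3des-cbc"], ["hmac-sha1"]),
    }
    for label, (ciphers, macs) in peers.items():
        print(label, negotiate(ciphers, macs))
```

A peer with `ok` false needs its configuration updated before the upgrade; a non-empty `legacy_offered` on a working peer only means it still advertises algorithms this build no longer accepts.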
