Rebelgecko 5 days ago
I imagine the key exchange is just once per connection, right? So the overhead seems not too bad. Especially since I think a pretty large number of computers/hostnames that are ssh'able today will probably have the same root password if they're still connected to the internet 10-20 years from now.

singlow 5 days ago
So what person is running an SSH server and configuring it to use post-quantum crypto, but is using password auth? Priorities are out of whack. Not that this is a bad thing, but first start using keys, then start rotating them regularly and then worry about theoretical future attacks.

djmdjm 5 days ago
Those are completely disjoint threats. A captured SSH session should never be able to be decrypted by an adversary regardless of whether it uses passwords or keys, or how weak the password is.

SoftTalker 5 days ago
root can't normally log in via ssh. Unless the default configuration is changed.

chasil 5 days ago
In OpenSSH root cannot log in. In TinySSH, which also implements the ntru exchange, root is always allowed. I don't know what the behavior is in Dropbear, but the point is that OpenSSH is not the only implementation. TinySSH would also enable you to quiet the warning on RHEL 7 or other legacy platforms.

petee 5 days ago
Fwiw some distros ask if you want root access enabled on install; I assume there's always some chance of it being enabled for install stuff and forgotten, or the user misreading and thinking it means any root access.