On 2/12/22 16:02, Stephen Casner wrote:
You're right, this was a case of documentation not being updated to match the code. The update to WolfSSH 1.4.5 and WolfSSL 4.6.0 removed this restriction. That occurred a year ago (January 2021).
Perfect, thanks for the details.
That is also correct. I believe the code as currently configured requires an RSA key. I see "NO_DSA" included in the user_settings.h that might be OK to remove. Some of the configuration trimming was to save space and some was to avoid the need for the slow calculations.
I suspect RSA is the "best" WolfSSL 4.6.0 supports. And I'm ok with NO_DSA staying in effect:
http://www.openssh.com/legacy.html
OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use.
PR #700 created.
Craig