Hi Michael, what do you think about my recent OpenSSH patches (not the version bumps) but enabling the sandbox per default (to use seccomp if available) and the switch from DSA to Ed25519. ArchLinux and current Debian both generate Ed25519 pubkeys by default and add them as HostKey to sshd_config. They keep DSA and ECDSA but as they fall apart completely if the random numbers used are not good, I am not sure this is a good idea for embedded systems where entropy is often very scarce. Ed25519 is not that sensitive to entropy problems.
Regards, Clemens -- ptxdist mailing list ptxdist@pengutronix.de