nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqalqrefce2rehnhhqru9q2jdlvjkw3sd742y8fmnt7e5x9grgdslqetvm0w As far as I can see there is a startup script that loads RSA keys from the config (I h...
@nprofile1q... so basically you end up with the same global immutable ECC keys and you can roll the RSA key.
So if you configure your client to only authenticate with RSA, everything is fine. But if you prefer ECC by default (as OpenSSH does) anyone who's dumped the firmware from the same model of switch can MITM you.
So if you configure your client to only authenticate with RSA, everything is fine. But if you prefer ECC by default (as OpenSSH does) anyone who's dumped the firmware from the same model of switch can MITM you.
1
