https and ssh enabled by default and update to support modern crypto for EdgeSwitch

Submitted by -
Status: New Idea

With the edge router this is already the case, the edge switch should be the same. With EdgeOS HTTPS is enabled with an auto generated 2048 bit SHA-256 cert and http -> https redirect, not the insecure manually generated 1024bit SHA-1 cert one has to specifically enable in EdgeSwitch. The EdgeSwitch should ship with secure defaults, not the very insecure defaults that take a fair amount of effort to try and make secure. SSH v1 should not be offered as an option, and the ability to use edsa or better ed25519 keys should be added. Disabling telnet by default would be a plus.
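A check an administrator can run against their own switch for two of the defaults named in the post above, SSHv1 being offered and telnet being enabled. This is an added example, not part of the original post or any Ubiquiti tooling; the function names are hypothetical and the only protocol fact relied on is the SSH identification string format from RFC 4253.

```python
import re
import socket

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments]
IDENT = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

def classify_ssh_ident(line):
    """Map an SSH identification string to (verdict, detail)."""
    m = IDENT.match(line.strip())
    if not m:
        return ("unknown", "no SSH identification string")
    proto, software = m.groups()
    if proto == "2.0":
        return ("ok", "SSHv2 only: " + software)
    if proto.startswith("1."):
        # 1.99 = v2 server that still accepts v1 clients (RFC 4253 section 5.1)
        kind = "fallback offered" if proto == "1.99" else "only"
        return ("weak", "SSHv1 %s: %s" % (kind, software))
    return ("unknown", "unexpected protocol version " + proto)

def read_ssh_ident(host, port=22, timeout=3.0):
    """Return the server's identification line, or None if unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            f = s.makefile("rb")
            for _ in range(10):  # a server may send other lines first
                line = f.readline(256).decode("ascii", "replace")
                if not line or line.startswith("SSH-"):
                    return line or None
    except OSError:
        pass
    return None

def port_open(host, port, timeout=3.0):
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False

def audit(host):  # findings for the two defaults the post objects to
    findings = []
    verdict, detail = classify_ssh_ident(read_ssh_ident(host) or "")
    if verdict == "weak":
        findings.append("ssh: " + detail)
    if port_open(host, 23):
        findings.append("telnet: port 23 accepts connections")
    return findings
```

`audit("<switch management address>")` returns an empty list when the switch identifies as SSHv2-only and port 23 is closed.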

Comments
by
on 08-14-2017 02:23 AM

Yes,

this would be really an improvement I'd like to see. I always wonder why someone still enables SSHv1 and telnet by default in these times. And it's really disappointing to see that there's not much happening when it comes to modern and adequate security settings...

Best regards,

C5

by
on 08-15-2017 10:37 AM

The version of OpenSSH shipped in the latest EdgeSwitch firmware does support edsa and ed25519 keys, it just hasn't been implemented in the GUI or CLI.

by
on 08-18-2017 05:41 AM

What would be even better is to allow overriding the HTTPS certificate from the configuration mode. We like to use a certificate signed by our internal Windows CA. We currently need to install it manually and then restart lighttpd.