Please enable the more secure SSH algorithms and ciphers hmac-sha2-256 and hmac-sha2-512 for dropbear, as recommended by BetterCrypto p.19 https://bettercrypto.org/static/applied-crypto-hardening.pdf.
A patch is available for OpenWrt at http://patchwork.openwrt.org/patch/6322/.
This is not critical as SSH is not used on Gluon by default. If OpenWrt decides to merge those patches, they'll make it into Gluon eventually.
I don't think @tcatm's argument is valid, as many people use SSH with Gluon. We do so ourselves and we recommend others to do so.
The more interesting question is if the patch is important enough to include it even though OpenWrt hasn't so far. In my opinion it isn't, as HMAC-SHA1 is much stronger than SHA1 itself. Even HMAC-MD5 is considered quite secure despite MD5's weaknesses; with HMAC-SHA1 we'll be fine for many years.
So I agree with @tcatm's opinion to wait until these patches make it into OpenWrt.
Time has passed, but the current Gluon version's dropbear still doesn't support modern cryptography?
Also, this doesn't affect only MAC, but also KeyExchange; curve25519 or sha256 aren't supported there, either...
OpenWrt has enabled curve25519-sha256 by default since January, so I think we should backport that change now.
curve25519-sha256 support is backported now.
I have just tried to use my ssh-ed25519 key, but I was unable to log in. Is it supported?
@nomaster: no, ed25519 is not supported at all by the current dropbear version 2016.74, I don't know if it is in development. Also, we use the default dropbear config from LEDE, which disables ECDSA using the NIST curves to save space.
curve25519-sha256 is supported as a key exchange method, but that's as far as ECC support goes at the moment.
Dropbear supports ed25519 since 05.2020:
https://github.com/mkj/dropbear/pull/91
Release Notes:
https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2020.79
OpenWRT Master (not released) is supporting it
https://github.com/openwrt/openwrt/blob/master/package/network/services/dropbear/Makefile
It is very unlikely that we will backport this. The OpenWrt team plans to do a new release soon and then we will benefit from those changes.