Dropbear default ciphers, kex, key algorithms

I recently ran ssh-audit (v3.1.0, https://github.com/jtesta/ssh-audit) against a 14-day old openwrt snapshot. The ssh-audit flagged a few items. Unlike openssh, I can't find a runtime way of disabling these flagged algorithms. It appears that the only way to disable the methods is to recompile with some ifdefs turned off. Effectively users are stuck with whatever choices openwrt is delivered with. Would it be a good idea to err on the side of safety and turn off any of the items flaged with "fail" or "warn"?

$ ssh-audit -v
# ssh-audit v3.1.0, https://github.com/jtesta/ssh-audit
$ ssh-audit gw
# general
(gen) banner: SSH-2.0-dropbear
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: disabled

# key exchange algorithms
(kex) curve25519-sha256              -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
                                     `- [info] default key exchange since OpenSSH 6.4
(kex) curve25519-sha256@libssh.org   -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
                                     `- [info] default key exchange since OpenSSH 6.4
(kex) diffie-hellman-group14-sha256  -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
                                     `- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) kexguess2@matt.ucc.asn.au      -- [info] available since Dropbear SSH 2013.57
(kex) kex-strict-s-v00@openssh.com   -- [info] pseudo-algorithm that denotes the peer supports a stricter key exchange method as a counter-measure to the Terrapin attack (CVE-2023-48795)

# host-key algorithms
(key) ssh-ed25519                    -- [info] available since OpenSSH 6.5
(key) rsa-sha2-256 (2048-bit)        -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
                                     `- [info] available since OpenSSH 7.2
(key) ssh-rsa (2048-bit)             -- [fail] using broken SHA-1 hash algorithm
                                     `- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
                                     `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
                                     `- [info] deprecated in OpenSSH 8.8: https://www.openssh.com/txt/release-8.8

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com  -- [info] available since OpenSSH 6.5
                                     `- [info] default cipher since OpenSSH 6.9
(enc) aes128-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes256-ctr                     -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

# message authentication code algorithms
(mac) hmac-sha2-256                  -- [warn] using encrypt-and-MAC mode
                                     `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56

# fingerprints
(fin) ssh-ed25519: SHA256:WfPl3LswLjrXcKmVSsXf2YyQaxUW5WftImJ0oJPeZls
(fin) ssh-rsa: SHA256:M9Fq6c3GstZR5VtyLKSXYi9qr47W7oo1NaXr2+3qGTA

# additional info
(nfo) Be aware that, while this target properly supports the strict key exchange method (via the kex-strict-?-v00@openssh.com marker) needed to protect against the Terrapin vulnerability (CVE-2023-48795), all peers must also support this feature as well, otherwise the vulnerability will still be present.  The following algorithms would allow an unpatched peer to create vulnerable SSH channels with this target: chacha20-poly1305@openssh.com.  If any CBC ciphers are in this list, you may remove them while leaving the *-etm@openssh.com MACs in place; these MACs are fine while paired with non-CBC cipher types.

Flagged what? Nonexistent CBC cipher?

Flagged bad and suspect things. As it says above:

`
(key) ssh-rsa (2048-bit) -- [fail] using broken SHA-1 hash algorithm
(kex) diffie-hellman-group14-sha256 -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
(key) rsa-sha2-256 (2048-bit) -- [warn] 2048-bit modulus only provides 112-bits of symmetric strength
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode

`

You probably need to learn ways ifdef-s work, before compiling anything.

I wasn't compiling anything. I was talking about using stock OpenWRT as a normal use would. They aren't going to be compiling things. At most they might adjust run-time configs. Usually they will assume that factory defaults are factory recommendations and just leave things at the default settings.

If you start now with your PR to extend key and disable fail algorithm I think you can make it into next release. Think CentOS7 for current supported SSH....