BTW: > On 11.11.2018, at 12:53, Hanno Böck <[email protected]> wrote: > > Hi, > > On Sun, 11 Nov 2018 12:31:34 +0100 > Sebastian <[email protected]> wrote: > >> to update our recommendations for openssh I collected the supported >> and default settings for Ciphers, MACs and KexAlgorithms of various >> openssh versions. Mostly from manpages.(debian.org|ubuntu.com) and a >> few systems accessible to me. > > Here's my recommendation for OpenSSH algorithm security: > Don't touch the default settings. > > The OpenSSH developers have been busy aggressively deprecating > everything that looks like fragile crypto over the past couple of > versions. They can do that, because the SSH ecosystem is much less > complex and the average users are more technical. (That doesn't mean it > hasn't caused breakage - I had to tell lots of people to update their > filezilla, putty and what else they use to connect to SSH.) > > This is kinda an ideal situation. You don't want people to look up > guides on how to best configure their crypto. You want good defaults. > This is difficult in the TLS space, because compatibility > considerations are complex and upstream projects are slow to adopt. But > with OpenSSH this is happening and the defaults are good. Don't tell > people to use anything else as long as they don't have very good > reasons for it.
I (mostly) agree with that. why “mostly”? For some reason the EtM (“*-etm-*” aka encrypt-then-mac) algorithms aren’t preferred in the standard config as shipped by OpenSSH upstream last time I took a look at it. Neither is UMAC which is also a very nice choice. Be aware that some distros don’t ship the upstream defaults but some variation that the package maintainer of that distro deems best-secure-for-everyone :) Aaron _______________________________________________ Ach mailing list [email protected] https://lists.cert.at/cgi-bin/mailman/listinfo/ach
