Bug#774711: tables of debian openssh crypto features

2024-06-12 Thread Antoine Beaupré
So it's been a while since this bug was discussed, and even longer since it
was opened.

Things have changed since. SHA-1 has been retired in OpenSSH 7, for
example...

Is this still relevant?

taggart, how did you generate those nice tables, can you make them
again? :)

On 2015-09-10 16:19:21, Matt Taggart wrote:
> I was interested in what crypto features the ssh in each Debian release 
> supported, to see what disabling some would mean, so I gathered the info. 
> Let me know if you see any errors.
>
> Current versions of openssh as of Sept 10, 2015:
>
> | squeeze-lts | 1:5.5p1-6+squeeze6 |
> | wheezy      | 1:6.0p1-4+deb7u2   |
> | jessie      | 1:6.7p1-5          |
> | stretch     | 1:6.9p1-1          |
> | sid         | 1:6.9p1-2          |
>
> Tables of crypto features that the openssh in each release of Debian
> supports. Gathered with ssh -Q (jessie and newer), ssh_config(5) and
> source (wheezy and squeeze). (These will look better with a fixed-width font.)
>
> Key types
> | sq | wh | je | st | si | type                                     |
> =====================================================================
> | X  | X  | X  | X  | X  | ssh-rsa                                  |
> | X  | X  | X  | X  | X  | ssh-dss                                  |
> | X  | X  | X  | X  | X  | ssh-rsa-cert-...@openssh.com             |
> | X  | X  | X  | X  | X  | ssh-dss-cert-...@openssh.com             |
> | X  | X  | X  | X  | X  | ssh-rsa-cert-...@openssh.com             |
> | X  | X  | X  | X  | X  | ssh-dss-cert-...@openssh.com             |
> |    | X  | X  | X  | X  | ecdsa-sha2-nistp256                      |
> |    | X  | X  | X  | X  | ecdsa-sha2-nistp384                      |
> |    | X  | X  | X  | X  | ecdsa-sha2-nistp521                      |
> |    | X  | X  | X  | X  | ecdsa-sha2-nistp256-cert-...@openssh.com |
> |    | X  | X  | X  | X  | ecdsa-sha2-nistp384-cert-...@openssh.com |
> |    | X  | X  | X  | X  | ecdsa-sha2-nistp521-cert-...@openssh.com |
> |    |    | X  | X  | X  | ssh-ed25519                              |
> |    |    | X  | X  | X  | ssh-ed25519-cert-...@openssh.com         |
>
>
> KexAlgorithms
> | sq | wh | je | st | si | type                                 |
> =================================================================
> | X  | X  | X  |    | X  | diffie-hellman-group-exchange-sha256 |
> | X  | X  | X  |    | X  | diffie-hellman-group-exchange-sha1   |
> | X  | X  | X  |    | X  | diffie-hellman-group14-sha1          |
> | X  | X  | X  |    | X  | diffie-hellman-group1-sha1           |
> |    | X  | X  |    | X  | ecdh-sha2-nistp256                   |
> |    | X  | X  |    | X  | ecdh-sha2-nistp384                   |
> |    | X  | X  |    | X  | ecdh-sha2-nistp521                   |
> |    |    | X  |    | X  | curve25519-sha...@libssh.org         |
>
> Ciphers
> | sq | wh | je | st | si | type                          |
> ==========================================================
> | X  | X  | X  | X  | X  | aes128-ctr                    |
> | X  | X  | X  | X  | X  | aes192-ctr                    |
> | X  | X  | X  | X  | X  | aes256-ctr                    |
> | X  | X  | X  | X  | X  | arcfour                       |
> | X  | X  | X  | X  | X  | arcfour256                    |
> | X  | X  | X  | X  | X  | arcfour128                    |
> | X  | X  | X  | X  | X  | aes128-cbc                    |
> | X  | X  | X  | X  | X  | 3des-cbc                      |
> | X  | X  | X  | X  | X  | blowfish-cbc                  |
> | X  | X  | X  | X  | X  | cast128-cbc                   |
> | X  | X  | X  | X  | X  | aes192-cbc                    |
> | X  | X  | X  | X  | X  | aes256-cbc                    |
> |    |    | X  | X  | X  | aes128-...@openssh.com        |
> |    |    | X  | X  | X  | aes256-...@openssh.com        |
> |    |    | X  | X  | X  | chacha20-poly1...@openssh.com |
> |    |    | X  | X  | X  | rijndael-...@lysator.liu.se   |
>
> MACs
> | sq | wh | je | st | si | type                           |
> ===========================================================
> | X  | X  | X  | X  | X  | hmac-md5                       |
> | X  | X  | X  | X  | X  | hmac-sha1                      |
> | X  | X  | X  | X  | X  | umac...@openssh.com            |
> | X  | X  | X  | X  | X  | hmac-ripemd160                 |
> | ?  | X  | X  | X  | X  | hmac-ripemd...@openssh.com     |
> | X  | X  | X  | X  | X  | hmac-sha1-96                   |
> | X  | X  | X  | X  | X  | hmac-md5-96                    |
> | X  | X  | X  | X  | X  | hmac-sha2-256                  |
> | X  | X  |    |    |    | hmac-sha2-256-96               | *
> | X  | X  | X  | X  | X  | hmac-sha2-512                  |
> | X  | X  |    |    |    | hmac-sha2-512-96               | *
> |    |    | X  | X  | X  | umac-64-...@openssh.com        |
> |    |    | X  | X  | X  | umac-128-...@openssh.com       |
> |    |    | X  | X  | X  | hmac-sha2-256-...@openssh.com  |
> || 

Bug#774711: tables of debian openssh crypto features

2015-09-10 Thread Matt Taggart
I was interested in what crypto features the ssh in each Debian release 
supported, to see what disabling some would mean, so I gathered the info. 
Let me know if you see any errors.

Current versions of openssh as of Sept 10, 2015:

| squeeze-lts | 1:5.5p1-6+squeeze6 |
| wheezy      | 1:6.0p1-4+deb7u2   |
| jessie      | 1:6.7p1-5          |
| stretch     | 1:6.9p1-1          |
| sid         | 1:6.9p1-2          |

Tables of crypto features that the openssh in each release of Debian
supports. Gathered with ssh -Q (jessie and newer), ssh_config(5) and
source (wheezy and squeeze). (These will look better with a fixed-width font.)

Key types
| sq | wh | je | st | si | type                                     |
=====================================================================
| X  | X  | X  | X  | X  | ssh-rsa                                  |
| X  | X  | X  | X  | X  | ssh-dss                                  |
| X  | X  | X  | X  | X  | ssh-rsa-cert-...@openssh.com             |
| X  | X  | X  | X  | X  | ssh-dss-cert-...@openssh.com             |
| X  | X  | X  | X  | X  | ssh-rsa-cert-...@openssh.com             |
| X  | X  | X  | X  | X  | ssh-dss-cert-...@openssh.com             |
|    | X  | X  | X  | X  | ecdsa-sha2-nistp256                      |
|    | X  | X  | X  | X  | ecdsa-sha2-nistp384                      |
|    | X  | X  | X  | X  | ecdsa-sha2-nistp521                      |
|    | X  | X  | X  | X  | ecdsa-sha2-nistp256-cert-...@openssh.com |
|    | X  | X  | X  | X  | ecdsa-sha2-nistp384-cert-...@openssh.com |
|    | X  | X  | X  | X  | ecdsa-sha2-nistp521-cert-...@openssh.com |
|    |    | X  | X  | X  | ssh-ed25519                              |
|    |    | X  | X  | X  | ssh-ed25519-cert-...@openssh.com         |


KexAlgorithms
| sq | wh | je | st | si | type                                 |
=================================================================
| X  | X  | X  |    | X  | diffie-hellman-group-exchange-sha256 |
| X  | X  | X  |    | X  | diffie-hellman-group-exchange-sha1   |
| X  | X  | X  |    | X  | diffie-hellman-group14-sha1          |
| X  | X  | X  |    | X  | diffie-hellman-group1-sha1           |
|    | X  | X  |    | X  | ecdh-sha2-nistp256                   |
|    | X  | X  |    | X  | ecdh-sha2-nistp384                   |
|    | X  | X  |    | X  | ecdh-sha2-nistp521                   |
|    |    | X  |    | X  | curve25519-sha...@libssh.org         |

Ciphers
| sq | wh | je | st | si | type                          |
==========================================================
| X  | X  | X  | X  | X  | aes128-ctr                    |
| X  | X  | X  | X  | X  | aes192-ctr                    |
| X  | X  | X  | X  | X  | aes256-ctr                    |
| X  | X  | X  | X  | X  | arcfour                       |
| X  | X  | X  | X  | X  | arcfour256                    |
| X  | X  | X  | X  | X  | arcfour128                    |
| X  | X  | X  | X  | X  | aes128-cbc                    |
| X  | X  | X  | X  | X  | 3des-cbc                      |
| X  | X  | X  | X  | X  | blowfish-cbc                  |
| X  | X  | X  | X  | X  | cast128-cbc                   |
| X  | X  | X  | X  | X  | aes192-cbc                    |
| X  | X  | X  | X  | X  | aes256-cbc                    |
|    |    | X  | X  | X  | aes128-...@openssh.com        |
|    |    | X  | X  | X  | aes256-...@openssh.com        |
|    |    | X  | X  | X  | chacha20-poly1...@openssh.com |
|    |    | X  | X  | X  | rijndael-...@lysator.liu.se   |

MACs
| sq | wh | je | st | si | type                           |
===========================================================
| X  | X  | X  | X  | X  | hmac-md5                       |
| X  | X  | X  | X  | X  | hmac-sha1                      |
| X  | X  | X  | X  | X  | umac...@openssh.com            |
| X  | X  | X  | X  | X  | hmac-ripemd160                 |
| ?  | X  | X  | X  | X  | hmac-ripemd...@openssh.com     |
| X  | X  | X  | X  | X  | hmac-sha1-96                   |
| X  | X  | X  | X  | X  | hmac-md5-96                    |
| X  | X  | X  | X  | X  | hmac-sha2-256                  |
| X  | X  |    |    |    | hmac-sha2-256-96               | *
| X  | X  | X  | X  | X  | hmac-sha2-512                  |
| X  | X  |    |    |    | hmac-sha2-512-96               | *
|    |    | X  | X  | X  | umac-64-...@openssh.com        |
|    |    | X  | X  | X  | umac-128-...@openssh.com       |
|    |    | X  | X  | X  | hmac-sha2-256-...@openssh.com  |
|    |    | X  | X  | X  | hmac-sha2-512-...@openssh.com  |
|    |    | X  | X  | X  | umac-...@openssh.com           |
|    |    | X  | X  | X  | hmac-md5-...@openssh.com       |
|    |    | X  | X  | X  | hmac-sha1-...@openssh.com      |
|    |    | X  | X  | X  | hmac-ripemd160-...@openssh.com |
|    |    | X  | X  | X  | hmac-sha1-96-...@openssh.com   |
|    |    | X  | X  | X  | hmac-md5-96-...@openssh.com    |

*
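
Added example, not part of either message and not the script used for the original tables: one way to rebuild tables in this layout from saved `ssh -Q` output, one capture per release, and to list what disappears between two releases. The sample lists are constructed to mirror three rows of the MACs table in the post; `query_local`, `build_matrix`, `render` and `dropped_in` are hypothetical helper names.

```python
import subprocess

RELEASES = ["sq", "wh", "je", "st", "si"]  # column order used in the post

# Constructed sample mirroring three rows of the MACs table above. Real input
# is the saved output of `ssh -Q mac` per release; for releases whose ssh has
# no -Q, a hand-made list in the same one-name-per-line form.
OLD = "hmac-sha1\nhmac-sha2-256\nhmac-sha2-256-96\n"
NEW = "hmac-sha1\nhmac-sha2-256\n"
SAMPLE_MAC_OUTPUT = {"sq": OLD, "wh": OLD, "je": NEW, "st": NEW, "si": NEW}


def query_local(kind):
    """Run `ssh -Q <kind>` (cipher, mac, kex or key) on the current host."""
    done = subprocess.run(["ssh", "-Q", kind], capture_output=True,
                          text=True, check=True)
    return done.stdout


def build_matrix(outputs, releases):
    """Map algorithm -> set of releases listing it, in first-seen order."""
    support = {}
    for rel in releases:
        for line in outputs.get(rel, "").splitlines():
            if line.strip():
                support.setdefault(line.strip(), set()).add(rel)
    return support


def render(support, releases):
    """Format the matrix as a pipe table with X marks, as in the post."""
    width = max(len(alg) for alg in support)
    header = "| " + " | ".join(releases) + " | " + "type".ljust(width) + " |"
    lines = [header, "=" * len(header)]
    for alg, rels in support.items():
        cells = " | ".join(("X" if r in rels else "").ljust(len(r))
                           for r in releases)
        lines.append(f"| {cells} | {alg.ljust(width)} |")
    return "\n".join(lines)


def dropped_in(support, old, new):
    """Algorithms offered by release `old` but no longer by release `new`."""
    return sorted(a for a, rels in support.items()
                  if old in rels and new not in rels)


if __name__ == "__main__":
    matrix = build_matrix(SAMPLE_MAC_OUTPUT, RELEASES)
    print(render(matrix, RELEASES))
    print("gone between wh and je:", dropped_in(matrix, "wh", "je"))
```
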