arthepsy / ssh-audit

SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

[Feature] Output sshd_config parameters #18

Open goranpejovic opened 7 years ago

goranpejovic commented 7 years ago

Very neat tool, thanks for making it!

I think it would be neat to have a flag which would output a 'good' sshd_config config line. Something that crossed my mind while I was testing my ssh servers.

Thanks, G

Yamakaky commented 7 years ago

Yeah, something like https://mozilla.github.io/server-side-tls/ssl-config-generator (cli only, of course) would be very handy.

bajtpop commented 7 years ago

+1

egberts commented 2 years ago

This is a semi-hard problem.

It pertains to various vendors who make their own SSH server and their constant renaming of various aspects of SSH KeX, ciphers, MAC, and cipher suites that are being sent/received over the SSH control channel plane.

I should know, I audit some of the vendors.

And this tool isn't the place to start adding multi-versioning of various config settings used by the SSH control channel across several SSH vendors, just to get to these proper settings.

I mean, we could do it (like I am doing with named.conf for ISC Bind9 in Python3) but it is explosively huge and this is bash script language.
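
As an added illustration of the feature requested in this thread (not ssh-audit code and not written by any commenter): a sketch that turns the algorithms a server offers into OpenSSH `sshd_config` directives. The allow list, the category keys and the sample input are constructed assumptions, and the keywords are OpenSSH's only, which is the vendor-variation limit raised above.

```python
# Added illustration; not ssh-audit code. OpenSSH sshd_config keywords only.
KEYWORDS = {"kex": "KexAlgorithms", "key": "HostKeyAlgorithms",
            "enc": "Ciphers", "mac": "MACs"}

# Constructed allow list in preference order (an assumption, not a vetted policy).
ALLOWED = {
    "kex": ["curve25519-sha256", "curve25519-sha256@libssh.org",
            "diffie-hellman-group16-sha512"],
    "key": ["ssh-ed25519", "rsa-sha2-512", "rsa-sha2-256"],
    "enc": ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com",
            "aes256-ctr"],
    "mac": ["hmac-sha2-512-etm@openssh.com", "hmac-sha2-256-etm@openssh.com"],
}

def sshd_config_lines(offered, allowed=ALLOWED):
    """Return (lines, dropped): directives keeping only allowed algorithms
    the server already offers, plus what would be removed per category."""
    lines, dropped = [], {}
    for cat, keyword in KEYWORDS.items():
        have = offered.get(cat, [])
        keep = [a for a in allowed.get(cat, []) if a in have]
        dropped[cat] = [a for a in have if a not in keep]
        if keep:
            lines.append(f"{keyword} {','.join(keep)}")
        else:
            # Never emit an empty list: leave the default and flag it instead.
            lines.append(f"# {keyword}: no offered algorithm is on the allow list")
    return lines, dropped

# Constructed sample of what an audited server advertised.
SAMPLE = {
    "kex": ["diffie-hellman-group1-sha1", "curve25519-sha256@libssh.org",
            "curve25519-sha256"],
    "key": ["ssh-rsa", "ssh-ed25519"],
    "enc": ["3des-cbc", "aes256-ctr", "chacha20-poly1305@openssh.com"],
    "mac": ["hmac-md5", "hmac-sha1"],
}

if __name__ == "__main__":
    lines, dropped = sshd_config_lines(SAMPLE)
    print("\n".join(lines))
    for cat, algs in dropped.items():
        print(f"# removed ({cat}): {', '.join(algs) or 'none'}")
```

Validate any generated lines with `sshd -t` before reloading the daemon, since the accepted algorithm names depend on the installed OpenSSH version.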