Open GoogleCodeExporter opened 9 years ago
Not to derail this issue, but: can we extend this report to "please support the
new Ciphers and KexAlgorithms"? I.e. Debian/stable (7.7 at this moment) ships
with OpenSSH_6.6.1p1, which supports the following:
Ciphers
3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr,
aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, arcfour128,
arcfour256, arcfour, blowfish-cbc, cast128-cbc, and
chacha20-poly1305@openssh.com
MAC
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
umac-64-etm@openssh.com,umac-128-etm@openssh.com,
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
hmac-md5-96-etm@openssh.com,
hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-sha1-96,hmac-md5-96
KexAlgorithms
curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group-exchange-sha1,
diffie-hellman-group14-sha1,
diffie-hellman-group1-sha1
Thanks!
Original comment by ckujau
on 10 Jan 2015 at 10:29
I fully agree. OpenSSH 6.5 introduced a bunch of new ciphers and algorithms:
http://www.openssh.com/txt/release-6.5
See the current list here:
https://github.com/openssh/openssh-portable/blob/master/sshd_config.5#L734
Since the latest Snowden releases included OpenSSH
(http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-se
curity-a-1010361.html), there have been HOWTOs on hardening OpenSSH
configuration: https://stribika.github.io/2015/01/04/secure-secure-shell.html
Unfortunately, it seems ConnectBot development is rather stalled:
https://github.com/connectbot/connectbot/commits/master
Original comment by i...@zeromail.org
on 11 Jan 2015 at 11:59
I would like to have support for (mobile) access to my servers again, now that
I've configured them like this:
Ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
MACs
hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@o
penssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,u
mac-128@openssh.com
Curently, I get a hang upon trying to connect :-(
Original comment by gordon.p...@gmail.com
on 27 Feb 2015 at 10:48
Original issue reported on code.google.com by
i...@zeromail.org
on 28 Apr 2012 at 11:14