stribika / stribika.github.io

add HostKeyAlgorithms to ssh_config #19

Closed user318 closed 9 years ago

user318 commented 9 years ago

I think adding HostKeyAlgorithms to ssh_config is a good idea too in this article: https://stribika.github.io/2015/01/04/secure-secure-shell.html

stribika commented 9 years ago

I tried that when I found it in the source code, but for some reason it didn't work. It's also not in the man page.

user318 commented 9 years ago

It's strange, because I found it in the man page:

       HostKeyAlgorithms
              Specifies  the  protocol  version 2 host key algorithms that the
              client wants to use in order of  preference.   The  default  for
              this option is:
              ecdsa-sha2-nistp256-cert-v01@openssh.com,
              ecdsa-sha2-nistp384-cert-v01@openssh.com,
              ecdsa-sha2-nistp521-cert-v01@openssh.com,
              ssh-ed25519-cert-v01@openssh.com,
              ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
              ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
              ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
              ssh-ed25519,ssh-rsa,ssh-dss
              If hostkeys are known for the destination host then this default
              is modified to prefer their algorithms.

I have this in man ssh_config at least with these versions (ssh -V):

       OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 (NixOS)
       OpenSSH_6.6p1-hpn14v4, OpenSSL 1.0.1i 6 Aug 2014 (gentoo)
       OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014 (Ubuntu 14.04)

and even:

       OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012 (Ubuntu 12.04)
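The last sentence of the quoted man page text (known host keys change the default order) can be modelled as below. This is an added example, not part of the thread and not OpenSSH's code; the function names, the constructed known_hosts sample and the exact-name matching of key types are assumptions, as is the rule that an explicitly configured list is offered as written.

```python
# Simplified model of the client-side ordering described in the quoted
# ssh_config(5) text. Added example, not OpenSSH source code.

# Default preference list, copied from the man page excerpt quoted above.
DEFAULT_HOSTKEY_ALGS = (
    "ecdsa-sha2-nistp256-cert-v01@openssh.com,"
    "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
    "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
    "ssh-ed25519-cert-v01@openssh.com,"
    "ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,"
    "ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,"
    "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,"
    "ssh-ed25519,ssh-rsa,ssh-dss"
).split(",")
CERT_SUFFIXES = ("-cert-v01@openssh.com", "-cert-v00@openssh.com")

def plain_type(alg):
    """Map a certificate algorithm name to its plain key type."""
    for suffix in CERT_SUFFIXES:
        if alg.endswith(suffix):
            return alg[: -len(suffix)]
    return alg

def known_key_types(known_hosts_text, host):
    """Key types recorded for `host` in unhashed known_hosts lines."""
    types = set()
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # comments, @markers and hashed entries are skipped here
        if host in fields[0].split(","):
            types.add(fields[1])
    return types

def client_preference(known_types, configured=None):
    """Assumption: an explicit HostKeyAlgorithms value is offered as written;
    otherwise the default is reordered to put known key types first."""
    if configured is not None:
        return configured.split(",")
    first = [a for a in DEFAULT_HOSTKEY_ALGS if plain_type(a) in known_types]
    rest = [a for a in DEFAULT_HOSTKEY_ALGS if plain_type(a) not in known_types]
    return first + rest

# Constructed known_hosts content (placeholder key blobs, not real keys).
SAMPLE_KNOWN_HOSTS = """\
# constructed sample
server.example,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDER
other.example ssh-rsa AAAAB3PLACEHOLDER
"""
```

With a pinned list, a host whose only recorded key type is missing from that list will present a key the client has not seen before, so check known_hosts against the list before deploying it.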

stribika commented 9 years ago

Oh, that's because I was trying to add it to sshd_config instead of ssh_config. My brain just hasn't been the same lately.