Add MACs line for Heroku

stribika / stribika.github.io

307 stars 33 forks source link

Add MACs line for Heroku #22

Closed colindean closed 9 years ago

colindean commented 9 years ago

Looks like Heroku supports only hmac-sha1,hmac-md5.

no matching mac found: client hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com server hmac-sha1,hmac-md5

colindean commented 9 years ago

This works for me:

Host heroku.com
  MACs hmac-sha1,hmac-md5
  IdentitiesOnly yes
  KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1

Not sure if that's as secure as it could be.

stribika commented 9 years ago

I added it to the wiki page with the difference of trying literally everything before resorting to these algorithms. Heroku may upgrade its servers later and you could end up using 1024 bit DH because of your own config.

colindean commented 9 years ago

:beers: thanks, @stribika, perhaps @changetip will afford you a beer on me.

changetip commented 9 years ago

Hi @stribika, @colindean sent you a Bitcoin tip worth a beer (16,391 bits/$3.50), and I'm here to deliver it ➔ collect your tip.

Learn more about ChangeTip

stribika commented 9 years ago

Thank you.