On 2017-10-09 14:17, Aaron Zauner wrote: > >> On 08 Oct 2017, at 05:12, respiranto <[email protected]> wrote: >> >> Hi, >> >> I just noted the (recommended) hmac-ripemd160 MAC having become excluded >> from the list of possible MACs in the OpenSSH 7.6 release. >> >> Upgrading to OpenSSH 7.6, having enabled hmac-ripemd160, does cause sshd >> to fail. >> >> Unfortunately I don't know of the right way to add this information to >> the document. If a new configuration for 7.6 was to be created, I assume >> more things should be thought about (such as the note about Curve25519 >> being supported since 6.6p1 requires). The simple alternative would be >> to add another such note. > > That's true. With recent OpenSSH releases there isn't anything that needs to > be changed from the defaults, IMO. The only thing may be hints to disable > Password-based authentication among other things. There is an open Pull > Request on GitHub regrding the topic/issue if you are interested in > contributing: > https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/133
That is, you would recommend not to set anything? Or rather to set the defaults explicitly? > > Thanks, > Aaron / azet > _______________________________________________ Ach mailing list [email protected] https://lists.cert.at/cgi-bin/mailman/listinfo/ach
