Dear list, to update our recommendations for openssh I collected the supported and default settings for Ciphers, MACs and KexAlgorithms of various openssh versions. Mostly from manpages.(debian.org|ubuntu.com) and a few systems accessible to me.
As far as possible and reasonable I rearranged the algorithm names in the defaults tables, without changing the order by inserting empty fields. This was not possible everywhere, so there are columns with different algos, but otherwise the table would be very wide. If you have access to manpages from versions /other than these/ then please send me the sections Ciphers, MACs and KexAlgorithms so I can add them to the summarizing tables. These versions are covered currently: * 5.9 precise 12.04 * 6.6 trusty 14.04 * 6.7 jessie 8 * 7.2 xenial 16.04 * 7.4 centos 7.5 * 7.4 stretch 9 * 7.5 artful 17.10 * 7.6 bionic 18.04 * 7.7 cosmic 18.10 * 7.8 tumbleweed * 7.9 debian unstable I hope using the tables we can easier and better decide which setting to use for which versions - and if we want to change the defaults at all. For example hmac-ripemd160 is not supported in newer versions anymore, but it is part of our recommendations. Sebastian
2018-11-11-openssh-defaults-supported.tar.gz
Description: application/gzip
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ach mailing list [email protected] https://lists.cert.at/cgi-bin/mailman/listinfo/ach
