Hello,

Used https://www.sshaudit.com/ + the ssh-audit package.

###############################

By default, the OpenBSD 6.6 ssh client (SSH-2.0-OpenSSH_8.1) has issues:

Host Key Types: nistp should be removed
Key Exchange Algorithms: nistp should be removed, also
  diffie-hellman-group14-sha1: SHA-1 has exploitable weaknesses.
Message Authentication Codes:
  umac-64-...@openssh.com MAC uses small tag size.
  + hmac-sha1-...@openssh.com SHA-1 has exploitable weaknesses.
  + umac...@openssh.com MAC uses small tag size.
  + hmac-sha1 SHA-1 has exploitable weaknesses.

###############################

By default, the OpenBSD 6.6 sshd server (SSH-2.0-OpenSSH_8.1) has issues:

# key exchange algorithms
(kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves
(kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves
(kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves

# host-key algorithms
(key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves

###############################

Are these real issues: the nistp + weak MACs that ssh-audit advises to remove?

I Googled the misc archives and didn't find any discussion about these! (yet)

Many thanks.
