Re: possible SSH algorithm issues?

2020-01-08 Thread Christian Weisgerber
On 2020-01-08, "lu hu"  wrote:

> are these real issues?

No.

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



possible SSH algorithm issues?

2020-01-08 Thread lu hu
Hello,

Used https://www.sshaudit.com/ + ssh-audit package

###

by default OpenBSD 6.6 ssh client (SSH-2.0-OpenSSH_8.1) has issues:

Host Key Types: nistp should be removed
Key Exchange Algorithms: nistp should be removed, also diffie-hellman-group14-sha1: SHA-1 has exploitable weaknesses.
Message Authentication Codes: umac-64-...@openssh.com MAC uses small tag size.
+ hmac-sha1-...@openssh.com SHA-1 has exploitable weaknesses.
+ umac...@openssh.com MAC uses small tag size.
+ hmac-sha1 SHA-1 has exploitable weaknesses.

###

by default OpenBSD 6.6 sshd server (SSH-2.0-OpenSSH_8.1) has issues:

# key exchange algorithms
(kex) ecdh-sha2-nistp256    -- [fail] using weak elliptic curves
(kex) ecdh-sha2-nistp384    -- [fail] using weak elliptic curves
(kex) ecdh-sha2-nistp521    -- [fail] using weak elliptic curves

# host-key algorithms
(key) ecdsa-sha2-nistp256   -- [fail] using weak elliptic curves

###

Are these real issues? nistp + weak MACs, that are advised to be removed by ssh-audit?

Googled misc archives, didn't find any discussion about these! (yet)

Many thanks.