Displaying 20 results from an estimated 2000 matches similar to: "[Bug 3701] New: KexAlgorithms documentation is unclear as to default vs. supported distinction"
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
Hi all,
this is a patch to make Ciphers, MACs and KexAlgorithms available in
Match blocks. Now I can reach a -current machine with some Android
terminal app without changing the default ciphers for all clients:
Match Address 192.168.1.2
Ciphers aes128-cbc
MACs hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha1
Index: servconf.c
2015 Jan 07
4
[Bug 2333] New: forbid old Ciphers, KexAlgorithms and MACs by default
https://bugzilla.mindrot.org/show_bug.cgi?id=2333
Bug ID: 2333
Summary: forbid old Ciphers, KexAlgorithms and MACs by default
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee:
2020 Jun 19
9
[Bug 3184] New: Unable to add deprecated KexAlgorithms back for host via config file
https://bugzilla.mindrot.org/show_bug.cgi?id=3184
Bug ID: 3184
Summary: Unable to add deprecated KexAlgorithms back for host
via config file
Product: Portable OpenSSH
Version: 8.2p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: ssh
2024 Jan 25
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
Hi,
I am running the below servers on Red Hat Enterprise Linux release 8.7
(Ootpa). The details are as follows.
# rpm -qa | grep openssh
openssh-8.0p1-16.el8.x86_64
openssh-askpass-8.0p1-16.el8.x86_64
openssh-server-8.0p1-16.el8.x86_64
openssh-clients-8.0p1-16.el8.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
#
How do I enable strong KexAlgorithms, Ciphers and
2024 Mar 24
6
[Bug 3673] New: -fzero-call-used-regs=used detection fails on Linux m68k with GCC 13
https://bugzilla.mindrot.org/show_bug.cgi?id=3673
Bug ID: 3673
Summary: -fzero-call-used-regs=used detection fails on Linux
m68k with GCC 13
Product: Portable OpenSSH
Version: 9.7p1
Hardware: 68k
URL: https://bugs.debian.org/1067243
OS: Linux
Status: NEW
Severity: normal
2024 Mar 25
16
[Bug 3674] New: Tracking bug for OpenSSH 9.8
https://bugzilla.mindrot.org/show_bug.cgi?id=3674
Bug ID: 3674
Summary: Tracking bug for OpenSSH 9.8
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at
2017 Jan 29
3
[Bug 2671] New: make possible to remove default ciphers/kexalgorithms/mac algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2671
Bug ID: 2671
Summary: make possible to remove default
ciphers/kexalgorithms/mac algorithms
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2024 Jan 25
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
Hi Kaushal,
I maintain a set of SSH hardening guides for various platforms,
including RHEL 8. You can find them here:
https://ssh-audit.com/hardening_guides.html
- Joe
--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
On Thu, 2024-01-25 at 18:39 +0530, Kaushal Shriyan wrote:
> Hi,
>
> I am running the below servers on Red Hat Enterprise
2015 May 23
2
Weak DH primes and openssh
> Can this be addressed in ssh_config/sshd_config with the KexAlgorithms setting?
weakdh.org/sysadmin.html recommends adding:
KexAlgorithms curve25519-sha256@libssh.org
But this thread makes it sound as if it's not necessary. Can anyone
confirm? Personally I'm on openssh-6.7.
- Grant
> You will be aware of https://weakdh.org/ by now, I presume; the take-home seems to be
2024 Jan 27
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
BTW based on your output it looks like the DEFAULT policy is just fine.
If you really want to turn etm HMAC and chacha20 off, you should follow the RHEL security alert
https://access.redhat.com/security/cve/cve-2023-48795
cipher@SSH = -CHACHA20-POLY1305
ssh_etm = 0
by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy
2024 Mar 11
2
[Bug 3671] New: Improve PuTTY version detection
https://bugzilla.mindrot.org/show_bug.cgi?id=3671
Bug ID: 3671
Summary: Improve PuTTY version detection
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Regression tests
Assignee: unassigned-bugs at
2017 Jan 01
7
[Bug 2658] New: Make integrity tests more robust against timeouts
https://bugzilla.mindrot.org/show_bug.cgi?id=2658
Bug ID: 2658
Summary: Make integrity tests more robust against timeouts
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Regression tests
Assignee:
2006 Apr 19
4
DO NOT REPLY [Bug 3701] New: rsync_xal_set: lsetxattr system.posix_acl_default failed: Permission denied
https://bugzilla.samba.org/show_bug.cgi?id=3701
Summary: rsync_xal_set: lsetxattr system.posix_acl_default
failed: Permission denied
Product: rsync
Version: 2.6.7
Platform: x86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P3
Component: core
AssignedTo:
2016 Nov 08
2
one host only: ssh_dispatch_run_fatal
Darren Tucker <dtucker at zip.com.au> writes:
> On Tue, Nov 8, 2016 at 3:30 PM, Harry Putnam <reader at newsguy.com> wrote:
> [...]
>> After having 7.3p1 & 6.8p1 fail with same wording... I tried 6.7p1 and
>> find it fails with what looks like the same problem but has slightly
>> different wording.
>
> I set up the same versions (server:OpenSSH_6.6p1,
2015 Sep 10
3
[Bug 2461] New: Source IP missing in log when no suitable key exchange method found
https://bugzilla.mindrot.org/show_bug.cgi?id=2461
Bug ID: 2461
Summary: Source IP missing in log when no suitable key exchange
method found
Product: Portable OpenSSH
Version: 6.0p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
2024 Jan 26
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
On 25.01.24 14:09, Kaushal Shriyan wrote:
> I am running the below servers on Red Hat Enterprise Linux release 8.7
> How do I enable strong KexAlgorithms, Ciphers and MACs
On RHEL 8, you need to be aware that there are "crypto policies"
modifying sshd's behaviour, and it would likely be the *preferred*
method to inject your intended config changes *there* (unless they
2002 Dec 29
0
[Bug 459] New: ssh-keygen doesn't know how to export private keys
http://bugzilla.mindrot.org/show_bug.cgi?id=459
Summary: ssh-keygen doesn't know how to export private keys
Product: Portable OpenSSH
Version: 3.5p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh-keygen
AssignedTo: openssh-unix-dev at mindrot.org
2024 Jan 27
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
On Fri, Jan 26, 2024 at 7:24 PM Jochen Bern <Jochen.Bern at binect.de> wrote:
> On 25.01.24 14:09, Kaushal Shriyan wrote:
> > I am running the below servers on Red Hat Enterprise Linux release 8.7
> > How do I enable strong KexAlgorithms, Ciphers and MACs
>
> On RHEL 8, you need to be aware that there are "crypto policies"
> modifying sshd's behaviour,
2024 May 21
2
[Bug 3692] New: rekey.sh doesn't actually test different algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=3692
Bug ID: 3692
Summary: rekey.sh doesn't actually test different algorithms
Product: Portable OpenSSH
Version: 9.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Regression tests
2014 Apr 10
0
nistp256 preferred over ed25519
Hello,
Maybe I'm asking an already answered question, if yes I'm sorry to
bother you.
Why in default HostKeyAlgorithms settings is
ecdsa-sha2-nistp256-cert-v01@openssh.com preferred over
ssh-ed25519-cert-v01@openssh.com ?
For example in default settings for KexAlgorithms the
curve25519-sha256@libssh.org is preferred over ecdh-sha2-nistp256.
Fedor
Defaults in openssh-6.6p1