[Ach] sshd_conf (Was: Recommending Blowfish in the ACH paper)
Aaron Zauner
azet at azet.org
Tue Nov 5 16:55:19 CET 2013
>> This moves our discussion about recommended fish from Blowfish to Twofish.
> Is twofish (or threefish) even supported in any ciphersuite?
Just remembered: that came up during discussion of the sshd configuration. I just checked; there is only blowfish available.
```
Ciphers
Specifies the ciphers allowed for protocol version 2. Multiple
ciphers must be comma-separated. The supported ciphers are
``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
``
aes128-gcm at openssh.com'', ``aes256-gcm at openssh.com
'',
``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
and ``cast128-cbc''. The default is:
```
Also, we should specify the key exchange properly:
```
KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms. Multiple
algorithms must be comma-separated. The default is
``
curve25519-sha256 at libssh.org
'', ``ecdh-sha2-nistp256'',
``ecdh-sha2-nistp384'', ``ecdh-sha2-nistp521'',
``diffie-hellman-group-exchange-sha256'',
``diffie-hellman-group-exchange-sha1'',
``diffie-hellman-group14-sha1'', ``diffie-hellman-group1-sha1’'.
```
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131105/533baf1b/attachment.sig>
More information about the Ach
mailing list