[Ach] SSH improvements
christian mock
cm at coretec.at
Sun Nov 17 16:51:25 CET 2013
On Sun, Nov 17, 2013 at 03:30:18PM +0100, Aaron Zauner wrote:
> On a second thought:
>
> We should not exclude Rhosts/RhostsRSAauthentication. A lot of people use pre-shared keys.
I'm not sure we should go into that type of question anyways, I think
it's out of scope for this paper.
What we could go into: remind admins that their ssh server and user
keys are probably rather old and only 1024 bits long... Shall we
recommend to not use DSA server keys at all?
Another issue section: why is “diffie-hellman-group14-sha1” excluded?
that is a 2048 bit exchange...
Also, how does one specify the DH key size for
diffie-hellman-group-exchange- sha256 and
diffie-hellman-group-exchange-sha1?
And what is the algorithm to actually negotiate a cipher? Because it
doesn't seem to depend on the order that you give in the "Cipher"
option.
cm.
--
Christian Mock Wiedner Hauptstr. 15
Senior Security Engineer 1040 Wien
CoreTEC IT Security Solutions GmbH +43-1-5037273
FN 214709 z
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
CoreTEC: Web Application Audit - Damit so etwas nicht passiert!
http://heise.de/-1260559
.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
More information about the Ach
mailing list