[Ach] OpenSSH on RHEL

Martin Schuster (IFKL IT OS DC CD) Martin.Schuster1 at infineon.com
Thu Apr 17 09:16:04 CEST 2014


Currently the paper suggests settings for OpenSSH 6.4 and 6.0,
but the last 2 Red Hat Enterprise Linux releases (5 and 6) ship
OpenSSH 4.3p2 and 5.3p1, respectively.

Do you have any recommendations for those ancient versions?

Excerpts from sshd_config(5):


RHEL5 (OpenSSH 4.3p2):
Ciphers
         Specifies the ciphers allowed for protocol version 2.
         Multiple ciphers must be comma-separated.  The supported
         ciphers are "3des-cbc", "aes128-cbc",
         "aes192-cbc", "aes256-cbc", "aes128-ctr",
         "aes192-ctr", "aes256-ctr", "arcfour128",
         "arcfour256", "arcfour", "blowfish-cbc", and
         "cast128-cbc".  The default is

           ''aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
             aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
             aes256-cbc,arcfour''

MACs    Specifies the available MAC (message authentication
         code) algorithms.  The MAC algorithm is used in protocol
         version 2 for data integrity protection.  Multiple
         algorithms must be comma-separated.  The
         default is
         "hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96".


RHEL6 (OpenSSH 5.3p1):
Ciphers
        [same as for RHEL5]

MACs    Specifies the available MAC (message authentication
         code) algorithms.  The MAC algorithm is used in protocol
         version 2 for data integrity protection.  Multiple
         algorithms must be comma-separated.  The
         default is:

               hmac-md5,hmac-sha1,umac-64@openssh.com,
               hmac-ripemd160,hmac-sha1-96,hmac-md5-96


tia, cheers,
-- 
Infineon Technologies IT-Services GmbH     Martin.Schuster1 at infineon.com
Lakeside B05, 9020 Klagenfurt, Austria     Martin Schuster
          FB: LG Klagenfurt, FN 246787y     +43 5 1777 3517
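
An added example, not part of the original message or of the paper: a Python check that compares the Ciphers and MACs lines of an sshd_config against the algorithm names in the sshd_config(5) excerpts above, so a list written for a newer OpenSSH can be reviewed before it goes onto a 4.3p2 or 5.3p1 host. The sample config is constructed, the function names are hypothetical, and the MAC sets are the documented defaults from the excerpts, so a given build may accept more names than are listed here.

```python
# Added example: algorithm names are copied from the sshd_config(5) excerpts in the message.
CIPHERS = {"3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "aes128-ctr",
           "aes192-ctr", "aes256-ctr", "arcfour128", "arcfour256", "arcfour",
           "blowfish-cbc", "cast128-cbc"}
# Assumption: the excerpts list only the default MACs, used here as the known set.
MACS_43 = {"hmac-md5", "hmac-sha1", "hmac-ripemd160", "hmac-sha1-96", "hmac-md5-96"}
KNOWN = {
    "4.3p2": {"ciphers": CIPHERS, "macs": MACS_43},
    "5.3p1": {"ciphers": CIPHERS, "macs": MACS_43 | {"umac-64@openssh.com"}},
}

def first_values(config_text):
    """Return {keyword: [names]} for Ciphers/MACs; like sshd, the first occurrence wins."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # sshd_config keywords are case-insensitive
        if key in ("ciphers", "macs") and key not in found and len(parts) == 2:
            found[key] = [n.strip() for n in parts[1].split(",") if n.strip()]
    return found

def check(config_text, version):
    """Split each list into names documented for `version` and names that are not."""
    report = {}
    for key, names in first_values(config_text).items():
        known = KNOWN[version][key]
        report[key] = {
            "usable": [n for n in names if n in known],
            "unknown": [n for n in names if n not in known],
        }
    return report

# Constructed sample: a config written for a newer OpenSSH release, not the paper's text.
SAMPLE = """\
# settings copied from a newer host
Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512,hmac-sha1,umac-64@openssh.com
macs hmac-md5
"""

if __name__ == "__main__":
    for ver in KNOWN:
        print(ver, check(SAMPLE, ver))
```

Names reported under "unknown" need to be checked against the installed build or dropped from the line before sshd is restarted with it.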


