[Ach] OpenSSH
Kurt Roeckx
kurt at roeckx.be
Wed Jan 1 13:21:31 CET 2014
On Mon, Dec 30, 2013 at 11:45:19PM +0100, Aaron Zauner wrote:
>
> On 30 Dec 2013, at 23:35, Kurt Roeckx <kurt at roeckx.be> wrote:
> > So one thing I've noticed is that for the KexAlgorithms, all the
> > ECC versions have been removed. It's not really obvious why. I'm
> > wondering if this is going to break for people using ECDSA keys,
> > or what the behavior in that case is going to be.
> >
> > I can understand that for ssh ECDH is probably less important
> > since I assume most people do not get a lot of connections / second and
> > that they tend to be longer living than in https.
>
> Yup. Simply because there are only NIST ECC curves available. Those have also been excluded by me for other critical infrastructure such as VPNs.
>
> See: http://safecurves.cr.yp.to and discussions on the ML about ECC.
Thanks for the pointer, didn't know about that site yet.
Anyway, I just tried to see what happens when the server only has
an ECDSA host key and you try to connect with a client with the
proposed config:
debug1: kex: server->client aes256-gcm@openssh.com <implicit> none
debug1: kex: client->server aes256-gcm@openssh.com <implicit> none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Which looks the same as connecting to one with only an RSA key.
(Tested with 6.4p1 on both sides)
But I'm a little disappointed by the debug info ssh is showing me.
Kurt
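
The debug1 lines quoted in the message do not name the key exchange algorithm or the host key type, but the SSH2_MSG_* message names still identify the key exchange family, which is negotiated separately from the host key algorithm. The following parser is an added example, not part of the original message; `summarize` and `uses_ecc_kex` are hypothetical names, and the ECDH and fixed-group markers are assumed from the SSH message constant names, since only the DH_GEX messages appear in the post.

```python
import re

# Debug lines as quoted in the message above; the list archive renders
# the "@" in the cipher name as " at ", it is restored here.
SAMPLE = """\
debug1: kex: server->client aes256-gcm@openssh.com <implicit> none
debug1: kex: client->server aes256-gcm@openssh.com <implicit> none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
"""

KEX_LINE = re.compile(r"^debug1: kex: (server->client|client->server) (\S+) (\S+) (\S+)$")
GEX_REQ = re.compile(r"SSH2_MSG_KEX_DH_GEX_REQUEST\((\d+)<(\d+)<(\d+)\)")
# Message-name prefix -> key exchange family. Only the first prefix occurs
# in the post; the other two are assumptions based on SSH message names.
FAMILIES = (
    ("SSH2_MSG_KEX_DH_GEX_", "dh-group-exchange"),
    ("SSH2_MSG_KEX_ECDH_", "ecdh"),
    ("SSH2_MSG_KEXDH_", "dh-fixed-group"),
)

def summarize(log):
    """Extract per-direction cipher/MAC, GEX sizes and kex family from ssh -v output."""
    out = {"kex_family": None, "gex_bits": None, "directions": {}}
    for line in log.splitlines():
        m = KEX_LINE.match(line.strip())
        if m:
            direction, cipher, mac, comp = m.groups()
            out["directions"][direction] = {
                "cipher": cipher,
                # "<implicit>": the AEAD cipher authenticates, no separate MAC
                "mac": None if mac == "<implicit>" else mac,
                "compression": comp,
            }
        g = GEX_REQ.search(line)
        if g:  # (minimum, preferred, maximum) group size in bits
            out["gex_bits"] = tuple(int(x) for x in g.groups())
        for marker, family in FAMILIES:
            if marker in line:
                out["kex_family"] = family
    return out

def uses_ecc_kex(log):
    return summarize(log)["kex_family"] == "ecdh"

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
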