[Ach] OpenSSH

[Kurt Roeckx]

On Mon, Dec 30, 2013 at 11:45:19PM +0100, Aaron Zauner wrote:
> 
> On 30 Dec 2013, at 23:35, Kurt Roeckx <kurt at roeckx.be> wrote:
> > So one thing I've noticed is that for the KexAlgorithms, all the
> > ECC versions have been removed.  It's not really obvious why.  I'm
> > wondering if this is going to break for people using ECDSA keys,
> > or what the behavior in that case is going to be.
> > 
> > I can understand that for ssh ECDH is probably less important
> > since I assume most people do not get a lot of connections / second and
> > that they tend to be longer living than in https.
> 
> Yup. Simply because there are only NIST ECC curves available. Those have also been excluded by me for other critical infrastructure such as VPNs.
> 
> See: http://safecurves.cr.yp.to and discussions on the ML about ECC.

Thanks for the pointer, didn't know about that site yet.

Anyway, I just tried to see what happens when the server only has
an ECDSA host key and you try to connect with a client with the
proposed config:

debug1: kex: server->client aes256-gcm at openssh.com <implicit> none
debug1: kex: client->server aes256-gcm at openssh.com <implicit> none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY


Which looks the same as connecting to one with only an RSA key.

(Tested with 6.4p1 on both sides)


But I'm a little dissapointed by the debug info ssh is showing me.


Kurt