[Ach] OpenSSH settings

Aaron Zauner azet at azet.org
Fri Jan 3 22:54:46 CET 2014

On 03 Jan 2014, at 19:12, Andy Wenk <andy at nms.de> wrote:

> Hi everybody,
> here is my report for further examinations on this topic. I have the following sshd_config (as requested form Aaron):
> https://gist.github.com/andywenk/fa461dbaf2abf3442a3a
> As you can see, the three configuration paramaters Ciphers, MACs and KexAlgorithms are commented out. When activating the Ciphers solely and testing the configuration (  /usr/sbin/sshd -t) I get:
> /etc/ssh/sshd_config line 90: Bad SSH2 cipher spec 'aes256-gcm at openssh.com,aes128-gcm at openssh.com,aes256-ctr,aes128-ctr'.
> When activation MACs solely and testing the configuration I get:
> /etc/ssh/sshd_config line 93: Bad SSH2 mac spec 'umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160'.
> Finally, when activating KexAlgorithms solely and testing I get:
> /etc/ssh/sshd_config line 96: Bad SSH2 KexAlgorithms 'curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1'.
> So either I have a typo or something, because copying from the PDF is not possible, or my system can not deal with these or some of these settings. But as this is a quite new Ubuntu, I propose to add more information to the section 2.2.1 OpenSSH in the way, that a user can see on which machines this is working. 

Thanks. Could you try to just disable all @openssh.com and @libssh.org ciphers (just remove them as the comment in the openssh section states)?

These ciphers are very new to the OpenSSH distribution. Some might not work per default. They will soon.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20140103/3d1cf17b/attachment.sig>

More information about the Ach mailing list