[Ach] More OpenSSH Hardening
Aaron Zauner
azet at azet.org
Wed Jan 7 16:38:04 CET 2015
Axel Hübl wrote:
> Hi,
>
> absolutely!
>
> coming back to the "moduli" part of OpenSSH: would you guys remove all
> "below 2000", too? That was my central question.
>
I'd not recommend to generate DH params on your own, we had this
discussion on this mailing list a couple of times now. There are known
problems with that. And if I see that these params are written to /tmp
I'm certain that we should not recommend that. :/
Aaron