[Ach] More OpenSSH Hardening
axel.huebl at web.de
Wed Jan 7 17:57:08 CET 2015
The thing is: on my standard Debian testing the file /etc/ssh/moduli
already existed anyway and contains size < 2000 moduli.
I am not talking about recreation of the whole file but just the
"tampering" (removal) of these values. A stupid idea, too?
On 07.01.2015 16:38, Aaron Zauner wrote:
> Axel Hübl wrote:
>> coming back to the "moduli" part of OpenSSH: would you guys remove all
>> "below 2000", too? That was my central question.
> I'd not recommend to generate DH params on your own, we had this
> discussion on this mailing list a couple of times now. There are known
> problems with that. And if I see that these params are written to /tmp
> I'm certain that we should not recommend that. :/
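
The pruning asked about above (dropping existing entries rather than generating new parameters), as an added example that is not part of either message. It assumes the seven-field moduli(5) line format and the threshold of 2000 from the thread; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# moduli(5) fields: time type tests tries size generator modulus
# The size field (5th) is commonly 2047 for a 2048-bit prime, so ">= 2000"
# keeps 2048-bit and larger groups.

# filter_moduli MIN_SIZE FILE: print comments plus entries with size >= MIN_SIZE.
# Malformed lines are dropped. Exit status 1 if no entry survives.
filter_moduli() {
    awk -v min="$1" '
        /^[ \t]*(#|$)/ { print; next }    # keep comments and blank lines
        NF == 7 && $5 ~ /^[0-9]+$/ && $5 + 0 >= min { print; kept++ }
        END { exit (kept > 0 ? 0 : 1) }
    ' "$2"
}

# count_moduli FILE: number of non-comment, non-blank lines.
count_moduli() {
    awk '!/^[ \t]*(#|$)/ { n++ } END { print n + 0 }' "$1"
}

# prune_moduli FILE MIN_SIZE: replace FILE with its filtered version.
# Works on a temp file beside FILE, keeps FILE.orig, and leaves FILE
# untouched if the filter would remove every entry.
prune_moduli() {
    file=$1 min=$2
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if filter_moduli "$min" "$file" > "$tmp"; then
        cp -p "$file" "${file}.orig" && chmod 644 "$tmp" && mv "$tmp" "$file"
    else
        rm -f "$tmp"
        echo "no moduli >= $min in $file; file left unchanged" >&2
        return 1
    fi
}

# make_sample PATH: write a constructed moduli file (moduli are placeholders).
make_sample() {
    cat > "$1" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20150101000000 2 6 100 1023 2 C0FFEE01
20150101000001 2 6 100 1535 2 C0FFEE02
20150101000002 2 6 100 2047 2 C0FFEE03
20150101000003 2 6 100 4095 5 C0FFEE04
EOF
}
```

On a real system this would be run as `prune_moduli /etc/ssh/moduli 2000` with root privileges; comparing `count_moduli` on the file and on its `.orig` copy shows how many entries were removed.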