[Ach] OpenSSH: hmac-ripemd160

respiranto ach-list-member at respiranto.de
Wed Oct 11 18:27:46 CEST 2017


On 2017-10-09 14:17, Aaron Zauner wrote:
> 
>> On 08 Oct 2017, at 05:12, respiranto <ach-list-member at respiranto.de> wrote:
>>
>> Hi,
>>
>> I just noted the (recommended) hmac-ripemd160 MAC having become excluded
>> from the list of possible MACs in the OpenSSH 7.6 release.
>>
>> Upgrading to OpenSSH 7.6, having enabled hmac-ripemd160, does cause sshd
>> to fail.
>>
>> Unfortunately I don't know of the right way to add this information to
>> the document. If a new configuration for 7.6 was to be created, I assume
>> more things should be thought about (such as the note about Curve25519
>> being supported since 6.6p1 requires). The simple alternative would be
>> to add another such note.
> 
> That's true. With recent OpenSSH releases there isn't anything that needs to be changed from the defaults, IMO. The only thing may be hints to disable Password-based authentication among other things. There is an open Pull Request on GitHub regarding the topic/issue if you are interested in contributing: https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/133

That is, you would recommend not to set anything? Or rather to set the
defaults explicitly?

> 
> Thanks,
> Aaron / azet
> 
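
A pre-upgrade check for the failure described in this thread, added here as an example and not part of the original messages: it lists the MACs named in an sshd_config that the installed OpenSSH does not offer according to `ssh -Q mac`. The function names and the script argument are assumptions of the example, and it assumes ssh and sshd come from the same build.

```shell
#!/bin/sh
# Added example: report MACs configured for sshd that this OpenSSH build lacks.

# configured_macs FILE: print the algorithms of the first MACs directive,
# one per line (sshd uses the first value it obtains for a keyword).
configured_macs() {
    awk '
        { sub(/^[ \t]+/, "") }                   # drop leading whitespace
        /^#/ { next }                            # skip comment lines
        tolower($0) ~ /^macs[ \t=]/ {            # keyword is case-insensitive
            sub(/^[A-Za-z]+[ \t]*=?[ \t]*/, "")  # strip keyword and separator
            sub(/[ \t]+$/, "")
            if ($0 ~ /^-/) exit                  # "-list" removes from defaults
            sub(/^[+^]/, "")                     # "+"/"^" add to the defaults
            n = split($0, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            exit
        }
    ' "$1"
}

# unsupported_macs FILE SUPPORTED: print configured MACs that are absent from
# SUPPORTED, a file with one name per line (the format `ssh -Q mac` prints).
unsupported_macs() {
    configured_macs "$1" | grep -Fvx -f "$2" || true
}

# Usage (hypothetical script name): sh check-macs.sh /etc/ssh/sshd_config
if [ "$#" -ge 1 ]; then
    supported=$(mktemp)
    ssh -Q mac > "$supported"
    bad=$(unsupported_macs "$1" "$supported")
    rm -f "$supported"
    if [ -n "$bad" ]; then
        # $bad is left unquoted on purpose: one output line per algorithm
        printf 'MAC not supported by this build: %s\n' $bad
        exit 1
    fi
    echo "all configured MACs are supported"
fi
```

Run it after installing the new package and before restarting the daemon; `sshd -t` then validates the configuration file as a whole.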
