[Ach] openssh recommendations: overview of algorithms in different versions

Sebastian sebix at sebix.at
Sun Nov 11 12:31:34 CET 2018


Dear list,

to update our recommendations for openssh I collected the supported and
default settings for Ciphers, MACs and KexAlgorithms of various openssh
versions. Mostly from manpages.(debian.org|ubuntu.com) and a few systems
accessible to me.

As far as possible and reasonable I rearranged the algorithm names in
the defaults tables, without changing the order by inserting empty
fields. This was not possible everywhere, so there are columns with
different algos, but otherwise the table would be very wide.

If you have access to manpages from versions /other than these/ then
please send me the sections Ciphers, MACs and KexAlgorithms so I can add
them to the summarizing tables. These versions are covered currently:
 * 5.9 precise 12.04
 * 6.6 trusty 14.04
 * 6.7 jessie 8
 * 7.2 xenial 16.04
 * 7.4 centos 7.5
 * 7.4 stretch 9
 * 7.5 artful 17.10
 * 7.6 bionic 18.04
 * 7.7 cosmic 18.10
 * 7.8 tumbleweed
 * 7.9 debian unstable

I hope that, using the tables, we can decide more easily and better which
setting to use for which versions - and if we want to change the defaults at all.

For example hmac-ripemd160 is not supported in newer versions anymore,
but it is part of our recommendations.

Sebastian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2018-11-11-openssh-defaults-supported.tar.gz
Type: application/gzip
Size: 1380 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/ach/attachments/20181111/80efd91e/attachment.gz>
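
The mismatch raised in the message (an algorithm such as hmac-ripemd160 that is recommended but no longer supported by newer versions) can be checked per host by comparing a recommended list against what the installed OpenSSH reports. The script below is an added example, not part of the original message or its attachment; the function names and the sample algorithm lists are constructed assumptions, and `ssh -Q` is the OpenSSH client's query option.

```shell
#!/bin/sh
# Added example, not from the original message or its attachment.

# Map an sshd_config keyword to the query name understood by `ssh -Q`.
query_for_keyword() {
    case $1 in
        Ciphers)       echo cipher ;;
        MACs)          echo mac ;;
        KexAlgorithms) echo kex ;;
        *)             return 1 ;;
    esac
}

# unsupported_algos RECOMMENDED SUPPORTED
#   RECOMMENDED  comma-separated names, as written after the keyword
#   SUPPORTED    one name per line, the format `ssh -Q mac` prints
# Prints every recommended name missing from SUPPORTED, one per line.
unsupported_algos() {
    supported=$2
    old_ifs=$IFS
    IFS=,
    for algo in $1; do
        IFS=$old_ifs
        algo=$(printf '%s' "$algo" | tr -d ' \t')   # tolerate "a, b"
        [ -n "$algo" ] || continue
        # -F literal, -x whole line: "hmac-sha2-512" must not match its -etm variant
        if ! printf '%s\n' "$supported" | grep -Fqx -e "$algo"; then
            printf '%s\n' "$algo"
        fi
    done
    IFS=$old_ifs
}

# Constructed sample data (assumptions, not the tables from the attachment).
RECOMMENDED_MACS='hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160'
SUPPORTED_OLD='hmac-sha2-256
hmac-sha2-512
hmac-ripemd160
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com'
SUPPORTED_NEW='hmac-sha2-256
hmac-sha2-512
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com'

echo "older build: $(unsupported_algos "$RECOMMENDED_MACS" "$SUPPORTED_OLD")"
echo "newer build: $(unsupported_algos "$RECOMMENDED_MACS" "$SUPPORTED_NEW")"
# On a real host: unsupported_algos "$RECOMMENDED_MACS" "$(ssh -Q "$(query_for_keyword MACs)")"
```

Running the same check with the Ciphers and KexAlgorithms lists before deploying a recommended configuration shows which entries a given version would reject.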

