[Ach] openssh recommendataions: overview of algorithms in different versions
martin at lichtvoll.de
Sun Nov 11 18:56:22 CET 2018
Hanno Böck - 11.11.18, 12:53:
> Here's my recommendation for OpenSSH algorithm security:
> Don't touch the default settings.
At least for Debian 9 ssh-audit complains about quite some insecure
ciphers, MACs and key exchange algorithms if I leave the settings as
default. Thus I changed them.
Thing: While upstream may have done the work to deprecate unsafe
settings and remove them… there is a delay till this work hits stable
distributions. For SLES and RHEL this may take even quite a bit longer
than with Debian.
I'd rather not wait.
More information about the Ach