[Ach] openssh recommendataions: overview of algorithms in different versions

Martin Steigerwald martin at lichtvoll.de
Sun Nov 11 18:56:22 CET 2018

Hanno Böck - 11.11.18, 12:53:
> Here's my recommendation for OpenSSH algorithm security:
> Don't touch the default settings.

At least for Debian 9 ssh-audit complains about quite some insecure 
ciphers, MACs and key exchange algorithms if I leave the settings as 
default. Thus I changed them.

Thing: While upstream may have done the work to deprecate unsafe 
settings and remove them… there is a delay till this work hits stable 
distributions. For SLES and RHEL this may take even quite a bit longer 
than with Debian.

I'd rather not wait.


More information about the Ach mailing list