Re: diffie-hellman-group14-sha256 vs ssh-rsa and SHA-1

To: ietf-ssh%NetBSD.org@localhost
Subject: Re: diffie-hellman-group14-sha256 vs ssh-rsa and SHA-1
From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Sun, 11 Apr 2021 09:54:02 -0400 (EDT)

>> Yesterday, I ran into a server that [...]
> Is it publicly accessible anywhere?  Be interesting to see how other
> implementations respond to it...

Well, if all you want is one that ignores the REQUIREDs, github.com
will do; they offer (at least to me) only curve25519-sha256
curve25519-sha256%libssh.org@localhost ecdh-sha2-nistp256 ecdh-sha2-nistp384
ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256.

The one I mentioned, the one that also offers the -groupN-shaM
algorithms, is a temporary work machine, but, since it is accessible at
a globally routed IP, it's going to get probed anyway, and I don't see
any harm if some of those probes are non-malicious.  159.203.61.69.
(I'm told it's "a vanilla Ubuntu 20.04 server instance".  I find it
depressing that Ubuntu apparently ships with sshd ignoring those
REQUIREDs - and also depressing that it only barely surprises me.)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: diffie-hellman-group14-sha256 vs ssh-rsa and SHA-1
  - From: Peter Gutmann

References:
- diffie-hellman-group14-sha256 vs ssh-rsa and SHA-1
  - From: Mouse
- Re: diffie-hellman-group14-sha256 vs ssh-rsa and SHA-1
  - From: Peter Gutmann

Prev by Date: Re: diffie-hellman-group14-sha256 vs ssh-rsa and SHA-1
Next by Date: Re: diffie-hellman-group14-sha256 vs ssh-rsa and SHA-1
Previous by Thread: Re: diffie-hellman-group14-sha256 vs ssh-rsa and SHA-1
Next by Thread: Re: diffie-hellman-group14-sha256 vs ssh-rsa and SHA-1
Indexes:

Home | Main Index | Thread Index | Old Index