IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: diffie-hellman-group14-sha256 vs ssh-rsa and SHA-1



>> Yesterday, I ran into a server that [...]
> Is it publicly accessible anywhere?  Be interesting to see how other
> implementations respond to it...

Well, if all you want is one that ignores the REQUIREDs, github.com
will do; they offer (at least to me) only curve25519-sha256
curve25519-sha256%libssh.org@localhost ecdh-sha2-nistp256 ecdh-sha2-nistp384
ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256.

The one I mentioned, the one that also offers the -groupN-shaM
algorithms, is a temporary work machine, but, since it is accessible at
a globally routed IP, it's going to get probed anyway, and I don't see
any harm if some of those probes are non-malicious.  159.203.61.69.
(I'm told it's "a vanilla Ubuntu 20.04 server instance".  I find it
depressing that Ubuntu apparently ships with sshd ignoring those
REQUIREDs - and also depressing that it only barely surprises me.)

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B



Home | Main Index | Thread Index | Old Index