Hi, Max Pyziur wrote: > But in the current world, tougher rather than looser encryption is better. With that in mind, instead of using older/weaker crypto on your Fedora host, you could use newer/stronger crypto from your CentOS 6 client¹. Something like: - Create an ECDSA key ssh-keygen -t ecdsa -b 384 - Set the HostKeyAlgorithms KexAlgorithms (on the command line or in an ssh config) KexAlgorithms ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ssh-rsa,ssh-dss ¹ The ECDSA/ECDH algorithms are supported in openssh >= 5.3p1-95.el6_5. Though CentOS 6 will be EOL in a little over a week. So using weak algorithms is one of the lesser problems if you're running such a system. :) -- Todd
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
