Re: sshd key exchange security




On 09/11/2015 08:44 AM, Chris Adams wrote:
> Once upon a time, Alice Wonder <alice@xxxxxxxxxxxxxx> said:
>> They recommend setting the following:
>>
>> KexAlgorithms curve25519-sha256@xxxxxxxxxx
>>
>> I don't even see that directive in my sshd config to set it; I
>> suppose it may be one that is manually added when needed, but I want
>> to verify it actually means something in CentOS 7 ssh.
>>
>> Also I'm a little worried that maybe curve25519 is one of the curves
>> that Red Hat (and thus CentOS 7) doesn't support due to patent
>> concerns.
>
> That is supported in the CentOS 7 version of OpenSSH.  Look at the man
> page for sshd_config and you'll see the KexAlgorithms option listed and
> its valid values.  You can always see what your exact copy and config of
> OpenSSH are using by running "sshd -T".
>
> However, if you set it as above, you would _only_ be able to connect
> with that algorithm, and not all SSH clients support that (even for
> example OpenSSH on CentOS 6).


Thanks - what I ended up doing is:

KexAlgorithms curve25519-sha256@xxxxxxxxxx,diffie-hellman-group-exchange-sha256

Then I generated fresh 2048 and 4096 primes for the moduli file.

So far it seems all the ssh clients I have tried work.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
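An added example, not from the thread, showing how an administrator can check the two things discussed above: that the effective key-exchange list reported by "sshd -T" contains only allowlisted algorithms, and that a regenerated moduli file no longer carries small groups. The sshd -T and moduli lines below are constructed samples; the allowlist uses the full OpenSSH name curve25519-sha256@libssh.org, which the archive redacts above.

```shell
#!/bin/sh
# Allowlist matching the KexAlgorithms line chosen in the thread.
ALLOWED_KEX="curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256"

# audit_kex reads "sshd -T" output on stdin (option names are lowercased there),
# prints every configured kex algorithm outside ALLOWED_KEX, and returns
# 0 when all are allowlisted, 1 when any is not, 2 when no kex line is found.
# Real use:  sshd -T | audit_kex
audit_kex() {
    rc=0
    kex=$(awk '$1 == "kexalgorithms" { print $2 }')
    [ -n "$kex" ] || { echo "no kexalgorithms line found" >&2; return 2; }
    old_ifs=$IFS; IFS=,
    for alg in $kex; do
        case " $ALLOWED_KEX " in
            *" $alg "*) ;;
            *) echo "not allowlisted: $alg"; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    return $rc
}

# moduli_min_size prints the smallest "size" field (bit length minus one,
# so a 2048-bit group shows 2047) from /etc/ssh/moduli-format lines on stdin.
# Candidates for a fresh file are made with:  ssh-keygen -G cand -b 4096
# and screened with:                          ssh-keygen -T moduli -f cand
moduli_min_size() {
    awk '$1 !~ /^#/ && NF >= 7 { if (min == "" || $5 < min) min = $5 } END { print min }'
}

# Constructed sshd -T samples: the second one still allows group1-sha1.
SAMPLE_GOOD='port 22
kexalgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
ciphers aes256-gcm@openssh.com'
SAMPLE_BAD='kexalgorithms curve25519-sha256@libssh.org,diffie-hellman-group1-sha1'

# Constructed moduli lines (modulus column shortened to a placeholder).
SAMPLE_MODULI='# Time Type Tests Tries Size Generator Modulus
20150911000000 2 6 100 2047 2 DEADBEEF
20150911000000 2 6 100 4095 2 CAFEF00D'

printf '%s\n' "$SAMPLE_GOOD" | audit_kex && echo "kex policy OK"
printf '%s\n' "$SAMPLE_BAD" | audit_kex || echo "kex policy violated"
echo "smallest modulus size: $(printf '%s\n' "$SAMPLE_MODULI" | moduli_min_size)"
```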


