Re: 3des cipher and DH group size


 



----- Original Message -----
> From: "Damien Miller" <djm@xxxxxxxxxxx>
> To: "Scott Neugroschl" <scott_n@xxxxxxxxx>
> Cc: "mancha" <mancha1@xxxxxxxx>, openssh-unix-dev@xxxxxxxxxxx
> Sent: Friday, 14 February, 2014 1:10:17 AM
> Subject: RE: 3des cipher and DH group size
> 
> On Thu, 13 Feb 2014, Scott Neugroschl wrote:
> 
> > >Hubert Kario <hkario <at> redhat.com> writes:
> > >
> > >> [SNIP]
> > >
> > >3. OpenSSH primitives should be confined to ensure interoperability
> > >   with implementations that are RFC non-compliant (e.g. cryptlib &
> > >   DH GEX & RFC 4419).
> > >
> > >What's the point of standards then?
> >
> > Maybe a ssh_config option for DH GEX group size, so that people like
> > Hubert can configure SSH for such implementations?

While not ideal, it would provide at least some workaround not requiring
recompilation of ssh. 

> 
> You can do this now by editing /etc/ssh/moduli

Why should I edit a system-wide config file when I want to connect
to one specific server?!

> 
> Also KexAlgorithms=diffie-hellman-group14-sha1

not supported by the server

-- 
Regards,
Hubert Kario
BaseOS QE Security team
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




