On Fri, 6 Jun 2014, Armin Wolfermann wrote: > Hi all, > > this is a patch to make Ciphers, MACs and KexAlgorithms available in > Match blocks. Now I can reach a -current machine with some Android > terminal app without changing the default ciphers for all clients: > > Match Address 192.168.1.2 > Ciphers aes128-cbc > MACs hmac-sha1 > KexAlgorithms diffie-hellman-group-exchange-sha1 Unfortunately, this a a bit confusing - some Match criteria only work after key exchange has completed. If users try something like Match user djm Ciphers aes128-cbc then it will never work. For this reason, we've made any any sshd_config directives that must be applied before key exchange available by Match. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
