Re: [EC]DH KEx and how to restrict ssh/sshd to secure(er) DH parameters

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, 2014-10-23 at 11:58 +0200, Daniel Kahn Gillmor wrote: 
> Christoph is pointing out that the client might actually have a way to
> verify that the group is strong.
Well that's even already one step ahead, my main point was, that right
now I have (AFAIU) not really a chance to disallow weak groups (in the
sense of size) at both sides - server and client.

OpenSSH's ssh will accept 1024 (which I personally would feel more
comfortable if I could harden it, and e.g. only selectively allow
smaller groups for older server's I'm speaking to).
And AFAIU Christian, the server will always fall back to the 2048bit
group from diffie-hellman-group14-sha1, even if I "harden" my sshd's
moduli file by removing all smaller groups.


But really checking the moduli goes already one step further.

Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux