On Sun, May 24, 2015 at 1:14 AM, Grant <emailgrant@xxxxxxxxx> wrote: > > Can this be addressed in ssh_config/sshd_config with the KexAlgorithms > setting? > > weakdh.org/sysadmin.html recommends adding: > > KexAlgorithms curve25519-sha256@xxxxxxxxxx > > But this thread makes it sound as if it's not necessary. Can anyone > confirm? Personally I'm on openssh-6.7. > There's 3 pieces of advice for OpenSSH there, and IMO two of them are bad including that one. Firstly the somewhat reasonable one: remove diffie-hellman-group1-sha1 from KexAlgorithms, ie KexAlgorithms curve25519-sha256@xxxxxxxxxx ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 That still means it'll break any implementation that doesn't do at least group14. I don't know of one, but it's possible. Of the other two suggestions: - having just curve25519-sha256@xxxxxxxxxx will break interop with anything that doesn't support it (and many don't) and doesn't buy you much since on the client side the stronger methods will get used by preference. - regenerating the moduli file is in itself not a bad idea, but the instructions given will result in a file that has only 2kbit groups, which will result in significantly *weaker* groups being used in many cases (eg OpenSSH will typically ask for 3kbit to 8kbit groups. The other possible action that IMO would be reasonable but is not listed: remove all of the 1kbit and 1.5kbit groups from the moduli file (or omitting them when regenerating). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev