Hi. The man pages for ssh_config and sshd_config don't reflect that chacha20-poly1305@xxxxxxxxxxx is now preferred over the AES family and others. This issue was reported by Kevin Korb on freenode's #openssh. Attached patch fixes. --mancha
From 1a8997883510ac845133e97f4e942c48d7c5b6b0 Mon Sep 17 00:00:00 2001 From: mancha security <mancha1@xxxxxxxx> Date: Thu, 2 Jul 2015 00:01:20 +0000 Subject: [PATCH] Update man pages (ssh_config and sshd_config) Reflect that chacha20-poly1305@xxxxxxxxxxx has been promoted to default cipher. Thanks to Kevin Korb for report. --- ssh_config.5 | 2 +- sshd_config.5 | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ssh_config.5 b/ssh_config.5 index 268a627..76a8263 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -410,9 +410,9 @@ chacha20-poly1305@xxxxxxxxxxx .Pp The default is: .Bd -literal -offset indent +chacha20-poly1305@xxxxxxxxxxx, aes128-ctr,aes192-ctr,aes256-ctr, aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx, -chacha20-poly1305@xxxxxxxxxxx, arcfour256,arcfour128, aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, aes192-cbc,aes256-cbc,arcfour diff --git a/sshd_config.5 b/sshd_config.5 index 5ab4318..a3fcec0 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -471,9 +471,9 @@ chacha20-poly1305@xxxxxxxxxxx .Pp The default is: .Bd -literal -offset indent +chacha20-poly1305@xxxxxxxxxxx, aes128-ctr,aes192-ctr,aes256-ctr, -aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx, -chacha20-poly1305@xxxxxxxxxxx +aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx .Ed .Pp The list of available ciphers may also be obtained using the -- 2.1.4
Attachment:
pgpgdmR1mzW4N.pgp
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev