On Mon, 1 May 2017, Cristian Ionescu-Idbohrn wrote:
>
> Example, 'Macs'.
>
> On the man page I read:
>
>   "Multiple algorithms must be comma-separated.
>   ...
>   If the specified value begins with a '-' character, then the
>   specified algorithms (including wildcards) will be removed"
>
> It seems that just one algo name is supported on such a line, example:
>
>   Macs -umac-64*
>
> But this form is not supported:
>
>   Macs -umac-64*,-hmac-sha1*
>
> nor is this:
>
>   Macs -umac-64*
>   Macs -hmac-sha1*
>
> And I have difficulties in finding _one_ pattern that matches _only_
> the above algo families, but nothing else.
>
> Can you confirm this behaviour?  Can it be improved?

More observations.  After doing one of the above in /etc/ssh/sshd_config:

    # sshd -tT | sort | egrep '^macs'
    macs umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,
         hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,
         umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1

umac-64* is gone, but I can still use umac-64@xxxxxxxxxxx to login:

    $ ssh -oMacs=umac-64@xxxxxxxxxxx localhost

Can you confirm this behaviour?


Cheers,

--
Cristian
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
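
An added example, not part of the original message: a shell check that lists which MACs in `sshd -T` output still match a comma-separated set of glob patterns, run here over the `macs` line quoted in the message (joined onto one line, archive-redacted `@xxxxxxxxxxx` suffixes kept). The function names `macs_matching` and `sample_sshd_T` and the `port 22` line are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample: the macs line from the message above, as sshd -T
# would print it on a single line, plus one unrelated line (assumed).
sample_sshd_T() {
    cat <<'EOF'
port 22
macs umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1
EOF
}

# Read `sshd -T` output on stdin and print every effective MAC that matches
# one of the comma-separated glob patterns in $1.
# Returns 0 when nothing matches, 1 when at least one MAC is still enabled.
macs_matching() {
    patterns=$1
    # Keep only the value of the "macs" keyword.
    macs=$(awk '$1 == "macs" { print $2 }')
    found=0
    old_ifs=$IFS
    set -f          # do not expand '*' in the patterns against file names
    IFS=,           # split both the MAC list and the pattern list on commas
    for mac in $macs; do
        for pat in $patterns; do
            case $mac in
                $pat) printf '%s\n' "$mac"; found=1; break ;;
            esac
        done
    done
    IFS=$old_ifs
    set +f
    return "$found"
}

# Demo over the constructed sample; on a live host use: sshd -T | macs_matching ...
sample_sshd_T | macs_matching 'umac-64*,hmac-sha1*' || echo "still enabled (listed above)"
```

This only reports what the configuration test prints; it does not show what a running daemon will negotiate, so an actual connection attempt with the MAC in question remains the check for that.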