This hurts interoperability but everyone uses OpenSSH anyway.įortunately, downgrade attacks are not possible because the supported algorithm lists are included in the key derivation.
Some of the supported algorithms are not so great and should be disabled completely. The server and the client choose a set of algorithms supported by both, then proceed with the key exchange. SSH supports different key exchange algorithms, ciphers and message authentication codes. Reading the documents, I have the feeling that the NSA can 1) decrypt weak crypto and 2) steal keys. It should work with 6.5 but I have only tested 6.7 and connections to Github. Warning: You will need a recent OpenSSH version. TL DR: Scan this post for fixed width fonts, these will be the config file snippets and commands you have to use. My goal with this post here is to make NSA analysts sad. This post will still be here when you finish. If you have not, then read the latest batch of Snowden documents now. You may have heard that the NSA can decrypt SSH at least some of the time.
0 kommentar(er)
