SHH Cipher recommendations and "prohibitions" from Debian?

To: debian-security@lists.debian.org
Subject: SHH Cipher recommendations and "prohibitions" from Debian?
From: c.buhtz@posteo.jp
Date: Tue, 13 May 2025 09:35:08 +0000
Message-id: <[🔎] c5cdd23ac4f6079f011d5f86d81e945d@posteo.de>

Hello,

I am upstream maintainer of "Back In Time" [1][2]. It is GUI backupsoftware using rsync, where rsync is able to connect via SSH to a remotehost.

Users are able to configure the Cipher used for that SSH connection.

The project is old and I wasn't the developer implementing this feature.I know nearly nothing about Ciphers and stuff like this.

I would like to give my users some hands-on about the available and usedciphers. I would like to warn if they use an out-dated one and I want torecommend some.

But to do this I need a strong, official and trustful reference. DoesDebian has something like his?

I was able to find a list of recommendations from the BSI (a Germaninstitution) but without a list of out-dated Ciphers.Also the NIST has a document, but I am not able to understand it. Icouldn't find a list in it.


What do you think?

Regards,
Christian Buhtz

[1] -- <https://github.com/bit-team/backintime>
[2] -- <https://tracker.debian.org/pkg/backintime>

Reply to:

Follow-Ups:
- Re: SHH Cipher recommendations and "prohibitions" from Debian?
  - From: Bartosz Fenski <bartosz@fenski.pl>
- Re: SHH Cipher recommendations and "prohibitions" from Debian?
  - From: Chris Boot <bootc@debian.org>

Prev by Date: Clarification Request: Acceptable Scenarios for Submitting CVE Fixes to Debian
Next by Date: Re: SHH Cipher recommendations and "prohibitions" from Debian?
Previous by thread: RE: Clarification Request: Acceptable Scenarios for Submitting CVE Fixes to Debian
Next by thread: Re: SHH Cipher recommendations and "prohibitions" from Debian?
Index(es):
- Date
- Thread