Re: SHH Cipher recommendations and "prohibitions" from Debian?

To: c.buhtz@posteo.jp, debian-security@lists.debian.org
Subject: Re: SHH Cipher recommendations and "prohibitions" from Debian?
From: Chris Boot <bootc@debian.org>
Date: Tue, 13 May 2025 11:39:29 +0100
Message-id: <[🔎] df87848c-b867-4400-818a-041c2eae2ff4@debian.org>
In-reply-to: <[🔎] c5cdd23ac4f6079f011d5f86d81e945d@posteo.de>
References: <[🔎] c5cdd23ac4f6079f011d5f86d81e945d@posteo.de>

On 13/05/2025 10:35, c.buhtz@posteo.jp wrote:
[...]

I know nearly nothing about Ciphers and stuff like this.
I would like to give my users some hands-on about the available and usedciphers. I would like to warn if they use an out-dated one and I want torecommend some.

[...]

I also know little about cipher selection, but all the advice I've everheard about this kind of thing is "leave it to the people who know". Idon't think that your software _should_ offer cipher selection optionsto override SSH defaults at all, instead just using the default options.

If your users know enough about ciphers to make their own judgementsabout them and make their own selections, they should also know aboutediting the SSH client configuration to effect those changes.


Cheers,
Chris

--
Chris Boot
bootc@debian.org

Reply to:

Follow-Ups:
- Re: SHH Cipher recommendations and "prohibitions" from Debian?
  - From: c.buhtz@posteo.jp
- Use ~/.ssh/config
  - From: Stephan Verbücheln <verbuecheln@posteo.de>

References:
- SHH Cipher recommendations and "prohibitions" from Debian?
  - From: c.buhtz@posteo.jp

Prev by Date: Re: SHH Cipher recommendations and "prohibitions" from Debian?
Next by Date: Re: SHH Cipher recommendations and "prohibitions" from Debian?
Previous by thread: Re: SHH Cipher recommendations and "prohibitions" from Debian?
Next by thread: Re: SHH Cipher recommendations and "prohibitions" from Debian?
Index(es):
- Date
- Thread