[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SHH Cipher recommendations and "prohibitions" from Debian?



On 13/05/2025 10:35, c.buhtz@posteo.jp wrote:
[...]
I know nearly nothing about Ciphers and stuff like this.

I would like to give my users some hands-on about the available and used ciphers. I would like to warn if they use an out-dated one and I want to recommend some.
[...]

I also know little about cipher selection, but all the advice I've ever heard about this kind of thing is "leave it to the people who know". I don't think that your software _should_ offer cipher selection options to override SSH defaults at all, instead just using the default options.

If your users know enough about ciphers to make their own judgements about them and make their own selections, they should also know about editing the SSH client configuration to effect those changes.

Cheers,
Chris

--
Chris Boot
bootc@debian.org


Reply to: