Use ~/.ssh/config

To: debian-security@lists.debian.org
Subject: Use ~/.ssh/config
From: Stephan Verbücheln <verbuecheln@posteo.de>
Date: Tue, 13 May 2025 12:11:24 +0000
Message-id: <[🔎] a13c7d7ed3f3f98e7462ea737e2c8eb9a8d17f16.camel@posteo.de>
In-reply-to: <[🔎] df87848c-b867-4400-818a-041c2eae2ff4@debian.org>
References: <[🔎] c5cdd23ac4f6079f011d5f86d81e945d@posteo.de> <[🔎] df87848c-b867-4400-818a-041c2eae2ff4@debian.org>

On Tue, 2025-05-13 at 11:39 +0100, Chris Boot wrote:
> I don't think that your software _should_ offer cipher selection
> options to override SSH defaults at all, instead just using the
> default options.

I second this. This way, the secure defaults will evolve over time with
future releases of OpenSSH and Debian.

If necessary, I recommend to define non-default settings on a per-host
basis in:

  ~/.ssh/config

This is out of scope for rsync and Back in Time.

Regards
Stephan

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- SHH Cipher recommendations and "prohibitions" from Debian?
  - From: c.buhtz@posteo.jp
- Re: SHH Cipher recommendations and "prohibitions" from Debian?
  - From: Chris Boot <bootc@debian.org>

Prev by Date: Re: SHH Cipher recommendations and "prohibitions" from Debian?
Next by Date: eiärkmýčaež
Previous by thread: Re: SHH Cipher recommendations and "prohibitions" from Debian?
Next by thread: eiärkmýčaež
Index(es):
- Date
- Thread