Bug#611392: sshd_config should warn against use of RC4.

To: 611392@bugs.debian.org
Subject: Bug#611392: sshd_config should warn against use of RC4.
From: Ray Dillinger <bear@sonic.net>
Date: Wed, 22 Jun 2011 11:33:43 -0700
Message-id: <[🔎] 1308767623.15618.11.camel@janus.pagansexcult.org>
Reply-to: Ray Dillinger <bear@sonic.net>, 611392@bugs.debian.org

Agreed.  In light of RC4's vulnerability to replay attacks 
(explained in the context of SSH at 

https://www.kb.cert.org/vuls/id/565052 )

sshd_config and ssh_config should at least specifically warn 
against using RC4, as they currently do regarding DES.

OpenSSH itself should not enable RC4 or DES by default, and should 
print a warning to stderr when weak ciphers are enabled explicitly. 

Do we have any idea how much trouble it would cause for these 
deprecated insecure ciphers to be completely disabled?  

				Ray Dillinger

Reply to:

Follow-Ups:
- Bug#611392: sshd_config(5) could better describe Ciphers
  - From: Steven Chamberlain <steven@pyro.eu.org>

Prev by Date: Processed: bug 76312 is forwarded to https://bugzilla.mindrot.org/show_bug.cgi?id=172, merging 76312 560148
Next by Date: Bug#611392: sshd_config(5) could better describe Ciphers
Previous by thread: Processed: bug 76312 is forwarded to https://bugzilla.mindrot.org/show_bug.cgi?id=172, merging 76312 560148
Next by thread: Bug#611392: sshd_config(5) could better describe Ciphers
Index(es):
- Date
- Thread