Bug#774711: openssh: OpenSSH should have stronger ciphers selected at least on the server side.
Source: openssh
Severity: wishlist
Dear Maintainer,
As per a talk at 31C3 ("Reconstructing narratives"[1]), which mentions that there
are possible decrypts/attacks on OpenSSH, and a document which contains some
best practices in that regard[2] that got published afterward, is it possible to:
- get openssh to generate 4096-bit RSA keys by default;
- increase the size of the DH modulus to 4096;
- disable old ciphers, like the 3DES based ones.
I understand that there is nothing sure and final, but most of these recommendations
seem like a good idea from a security point of view, and won't break compatibility
except with some very old (and maybe insecure) clients. For such compatibility
issues, a warning might be provided with an explanation of how to re-enable them,
or a way to enable a "hardened" configuration.
1. http://media.ccc.de/browse/congress/2014/31c3_-_6258_-_en_-_saal_1_-_201412282030_-_reconstructing_narratives_-_jacob_-_laura_poitras.html
2. https://stribika.github.io/2015/01/04/secure-secure-shell.html
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (1120, 'testing'), (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=bg_BG.UTF8, LC_CTYPE=bg_BG.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
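
The three requests in the report (4096-bit RSA keys, 4096-bit DH moduli, no 3DES ciphers) can be checked against an existing server. The Python below is an added example, not part of the bug report or of OpenSSH; the function names and sample inputs are constructed, and it assumes the text of sshd_config, the text of /etc/ssh/moduli and the output of `ssh-keygen -lf` on the host public keys are passed in as strings.

```python
import re

MIN_BITS = 4096  # size the report asks for, for both RSA keys and DH moduli

def triple_des_ciphers(sshd_config):
    """3DES-based ciphers explicitly enabled by a Ciphers line in sshd_config text."""
    found = []
    for line in sshd_config.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "ciphers":
            continue
        value = parts[1].replace(" ", "")
        if value.startswith("-"):      # "-list" removes ciphers from the defaults
            continue
        found += [c for c in value.lstrip("+^").split(",") if "3des" in c.lower()]
    return found

def small_moduli(moduli, min_bits=MIN_BITS):
    """Count DH groups in moduli(5) text whose prime is shorter than min_bits."""
    count = 0
    for line in moduli.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue
        # Field 5 is the prime size; ssh-keygen records it as bits - 1 (4095 for 4096).
        if int(fields[4]) + 1 < min_bits:
            count += 1
    return count

def short_rsa_keys(fingerprints, min_bits=MIN_BITS):
    """Sizes of RSA keys below min_bits in `ssh-keygen -lf <pubkey>` output."""
    sizes = (int(m.group(1)) for m in re.finditer(r"^(\d+) .*\(RSA\)\s*$", fingerprints, re.M))
    return [s for s in sizes if s < min_bits]

# Constructed sample inputs (moduli and fingerprints shortened, not real values).
SAMPLE_CONFIG = "Port 22\nCiphers aes256-ctr,aes128-ctr,3des-cbc  # legacy clients\n"
SAMPLE_MODULI = ("# Time Type Tests Tries Size Generator Modulus\n"
                 "20140101000000 2 6 100 1023 2 F1A3\n"
                 "20140101000000 2 6 100 2047 5 C09B\n"
                 "20140101000000 2 6 100 4095 2 E77D\n")
SAMPLE_KEYS = ("2048 SHA256:constructedAAAA root@host (RSA)\n"
               "4096 SHA256:constructedBBBB root@host (RSA)\n"
               "256 SHA256:constructedCCCC root@host (ED25519)\n")

if __name__ == "__main__":
    print("3DES ciphers enabled:", triple_des_ciphers(SAMPLE_CONFIG))
    print("DH groups under", MIN_BITS, "bits:", small_moduli(SAMPLE_MODULI))
    print("RSA keys under", MIN_BITS, "bits:", short_rsa_keys(SAMPLE_KEYS))
```

A config with no Ciphers line falls back to the built-in defaults of the installed OpenSSH version, which this check does not inspect.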