Bug#774711: openssh-server: insecure algorithms reported by ssh-audit
Thanks for the ssh-audit report output!
There has been a very long discussion of default settings in #774711
(which now includes ssh-audit's recommendations)
Since you generated this report the following has happened:
* 1:8.8p1-1:
"This release disables RSA signatures using the SHA-1 hash algorithm
by default. (Existing RSA keys may still be used and do not need
to be replaced; see NEWS.Debian if you have problems connecting to
old SSH servers.)"
* 1:8.9p1-1:
"ssh(1): stricter UpdateHostkey signature verification logic on the
client-side. Require RSA/SHA2 signatures for RSA hostkeys except when
RSA/SHA1 was explicitly negotiated during initial KEX.
ssh(1), sshd(8): fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to prefer
RSA/SHA2 for hostkey proofs of RSA keys, but missed some cases. This
will use RSA/SHA2 signatures for RSA keys if the client proposed
these algorithms in initial KEX."
* 1:9.0p1-1:
"use the hybrid Streamlined NTRU Prime + x25519 key exchange method
by default ("sntrup761x25519-sha512@openssh.com"). The NTRU algorithm
is believed to resist attacks enabled by future quantum computers and
is paired with the X25519 ECDH key exchange (the previous default) as
a backstop against any weaknesses in NTRU Prime that may be
discovered in the future. The combination ensures that the hybrid
exchange offers at least as good security as the status quo."
* sk-ssh-ed25519@openssh.com is in the default lists now
The rest of ssh-audit's recommendations from your report are still
valid, see #774711 for more info
--
Matt Taggart
matt@lackof.org
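
The following is an added example, not part of the original message or of the Debian/OpenSSH code: a check of `sshd -T`-style output against the three default changes quoted above. It assumes the OpenSSH 8.5+ keyword name `pubkeyacceptedalgorithms`; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Reads `sshd -T`-style output
# on stdin and compares it with the default changes quoted in the message.
check_sshd_defaults() {
    awk '
    # has(list, name): exact match of name within a comma-separated list
    function has(list, name,   n, i, a) {
        n = split(list, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == name) return 1
        return 0
    }
    { val[tolower($1)] = $2 }          # sshd -T prints "keyword value"
    END {
        rc = 0
        hybrid = "sntrup761x25519-sha512@openssh.com"
        sk = "sk-ssh-ed25519@openssh.com"
        # 8.8p1: "ssh-rsa" (RSA with SHA-1) is no longer in the defaults
        split("hostkeyalgorithms pubkeyacceptedalgorithms", opt, " ")
        for (j = 1; j <= 2; j++) {
            if (has(val[opt[j]], "ssh-rsa")) {
                print "WARN " opt[j] " enables ssh-rsa (RSA/SHA-1)"; rc = 1
            } else print "OK " opt[j] " has no ssh-rsa"
        }
        # 9.0p1: the hybrid key exchange is used by default
        n = split(val["kexalgorithms"], kex, ",")
        if (n > 0 && kex[1] == hybrid) print "OK kexalgorithms prefers " hybrid
        else if (has(val["kexalgorithms"], hybrid)) print "NOTE " hybrid " offered but not preferred"
        else { print "WARN kexalgorithms lacks " hybrid; rc = 1 }
        # FIDO-backed ed25519 keys are in the default lists
        if (has(val["pubkeyacceptedalgorithms"], sk)) print "OK pubkeyacceptedalgorithms lists " sk
        else print "NOTE pubkeyacceptedalgorithms lacks " sk
        exit rc
    }'
}

# Constructed sample input (not taken from any real host).
sample_sshd_T() {
    cat <<'EOF'
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedalgorithms ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256
EOF
}

sample_sshd_T | check_sshd_defaults || true   # on a real host: sshd -T | check_sshd_defaults
```

The function exits non-zero when any WARN line is printed, so it can gate a configuration check; NOTE lines only report a difference from the quoted defaults.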