Harry Putnam:
> Harry Putnam <reader@newsguy.com> writes:
>
> …
> KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
>
> That also works.
Thanks for posting your solution and what you tried.
> Now, since debian chose to follow the new upstream sshd defaults and
> limits due to `UNSAFE' alg. I'm wondering if by adding one of those
> discarded algs back in there... I may be creating a security hole.
I am not qualified to give an answer to that, I usually trust upstream's
or the maintainer's defaults. You will probably receive the best answers
on OpenSSH related mailing lists. Maybe it is even already explained
there.
But, as far as I understand, if the key exchange algorithm is really
unsafe, the risk is probably that someone might eavesdrop on your
connection. This is especially problematic since you are using password
authentication because the password can be read as well (if the key
exchange is unsafe).
J.
--
I have been manipulated and permanently distorted.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
Attachment:
signature.asc
Description: Digital signature