Re: auth log full with

To: debian-user@lists.debian.org
Subject: Re: auth log full with
From: Stefan Monnier <monnier@iro.umontreal.ca>
Date: Sun, 14 Aug 2022 09:16:25 -0400
Message-id: <[🔎] jwvpmh3nezp.fsf-monnier+gmane.linux.debian.user@gnu.org>
References: <[🔎] 002d01d8af3c$0eb21500$2c163f00$@caloro.ch> <[🔎] E1oN5i6-0000TE-Io@enotuniq.net> <[🔎] 004b01d8afab$2a596640$7f0c32c0$@caloro.ch> <[🔎] E1oN89v-0000X0-BQ@enotuniq.net>

> In fact, I'd restrict allowed SSH algorithms like this:
>
> Ciphers       chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
> MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
> KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

Of course, if you do that, you'll want to make sure to revisit these
lists every couple of years :-(


        Stefan

Reply to:

Follow-Ups:
- Re: auth log full with
  - From: Reco <recoverym4n@enotuniq.net>

References:
- auth log full with
  - From: "Maurizio Caloro" <maurizio@caloro.ch>
- Re: auth log full with
  - From: Reco <recoverym4n@enotuniq.net>
- AW: auth log full with
  - From: "Maurizio Caloro" <maurizio@caloro.ch>
- Re: auth log full with
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: netperf / MIT License is not open source?
Next by Date: Re: Adduser only one or. two users
Previous by thread: Re: auth log full with
Next by thread: Re: auth log full with
Index(es):
- Date
- Thread