Re: auth log full with

To: debian-user@lists.debian.org
Subject: Re: auth log full with
From: Reco <recoverym4n@enotuniq.net>
Date: Sun, 14 Aug 2022 16:49:09 +0300
Message-id: <[🔎] E1oNDzJ-0000nW-Tb@enotuniq.net>
In-reply-to: <[🔎] jwvpmh3nezp.fsf-monnier+gmane.linux.debian.user@gnu.org>
References: <[🔎] 002d01d8af3c$0eb21500$2c163f00$@caloro.ch> <[🔎] E1oN5i6-0000TE-Io@enotuniq.net> <[🔎] 004b01d8afab$2a596640$7f0c32c0$@caloro.ch> <[🔎] E1oN89v-0000X0-BQ@enotuniq.net> <[🔎] jwvpmh3nezp.fsf-monnier+gmane.linux.debian.user@gnu.org>

	Hi.

On Sun, Aug 14, 2022 at 09:16:25AM -0400, Stefan Monnier wrote:
> > In fact, I'd restrict allowed SSH algorithms like this:
> >
> > Ciphers       chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
> > MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
> > KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
> 
> Of course, if you do that, you'll want to make sure to revisit these
> lists every couple of years :-(

That goes without saying. Executing 'ssh -Q chiper' now and then is a
good habit to have.

Reco

Reply to:

References:
- auth log full with
  - From: "Maurizio Caloro" <maurizio@caloro.ch>
- Re: auth log full with
  - From: Reco <recoverym4n@enotuniq.net>
- AW: auth log full with
  - From: "Maurizio Caloro" <maurizio@caloro.ch>
- Re: auth log full with
  - From: Reco <recoverym4n@enotuniq.net>
- Re: auth log full with
  - From: Stefan Monnier <monnier@iro.umontreal.ca>

Prev by Date: Re: netperf / MIT License is not open source?
Next by Date: Re: auth log full with
Previous by thread: Re: auth log full with
Next by thread: Re: auth log full with
Index(es):
- Date
- Thread