ssh elliptic curves
asked 2015-04-19 14:26:34 +0300
People using ed25519 curves currently cannot establish a connection to their machines nor generate such curves. Please add support for ed25519 curves or update ssh libs so noone is forced to decrease security. :)
Yeah. Disclaimers apply ;)
[nemo@Jolla ~]$ ssh -Q cipher 3des-cbc blowfish-cbc cast128-cbc arcfour arcfour128 arcfour256 aes128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.comaes256-gcm@openssh.comchacha20-poly1305@openssh.com
[nemo@Jolla ~]$ ssh -Q mac hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.comumac-64@openssh.comumac-128@openssh.comhmac-sha1-etm@openssh.comhmac-sha1-96-etm@openssh.comhmac-sha2-256-etm@openssh.comhmac-sha2-512-etm@openssh.comhmac-md5-etm@openssh.comhmac-md5-96-etm@openssh.comhmac-ripemd160-etm@openssh.comumac-64-etm@openssh.comumac-128-etm@openssh.com
[nemo@Jolla ~]$ ssh -Q kex diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256@libssh.org [nemo@Jolla ~]$
Nieldk ( 2015-04-19 16:52:00 +0300 )editThank you, while I really appreciate your work I think one should not have to rely on unofficial 3rd party work for security critical components because of obvious reasons (just paranoia, nothing personal ;) ).
0ida ( 2015-04-19 20:17:37 +0300 )editThe deeper question is what are the reasons Jolla (which generally tries to apply all the latest security fixes) is still shipping OpenSSH 5.6.
simosagi ( 2015-04-20 09:01:13 +0300 )edit