SSH

[Jan Pechanec]

On Wed, 28 Jan 2015, Jan Dušátko wrote:

	ahoj Honzo,

>2) Je mozne zvolit jinou metodu sifrovani spojeni nez předvolené
>"3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "aes128-ctr",
>"aes192-ctr", "aes256-ctr", "arcfour128", "arcfour256", "arcfour",
>"blowfish-cbc", and "cast128-cbc"? Například aes v gcm modu, nebo misto RSA
>pouziti eliptickych krivek (ECDH/ECDHE) ? Dle dostupnych informaci to není
>mozne, rad bych si overil, zda jsem nic neprehledl. Nastesti lze vypnout
>kompresi nebo alespoň dat do stavu delayed.

	http://www.openssh.com/txt/release-6.2

 * ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in
   SSH protocol 2. The new cipher is available as aes128-gcm at openssh.com
   and aes256-gcm at openssh.com. It uses an identical packet format to the
   AES-GCM mode specified in RFC 5647, but uses simpler and different
   selection rules during key exchange.

	a pokud vim, uz OpenSSH uz dlouho podporuje elipticky krivky v KEX 
(i kdyz jsem to nezkousel, tak nevim, na co narazis, kdyz rikas, ze to podle 
dostupnych informaci neni mozne):

 KexAlgorithms
    Specifies the available KEX (Key Exchange) algorithms. Multiple 
algorithms must be comma-separated. The default is:

    curve25519-sha256 at libssh.org, 
    ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 
    diffie-hellman-group-exchange-sha256, 
    diffie-hellman-group14-sha1, 
    diffie-hellman-group-exchange-sha1, 
    diffie-hellman-group1-sha1

    The list of available key exchange algorithms may also be obtained using 
the -Q option of ssh(1) with an argument of “kex”.

	h.

-- 
Jan Pechanec <jp (at) devnull (dot) cz>
http://www.devnull.cz