5
edits
Security/Guidelines/OpenSSH: Difference between revisions
question regarding HostKeyAlgorithms order
Gdestuynder (talk | contribs) (document ready) |
JanZerebecki (talk | contribs) (question regarding HostKeyAlgorithms order) |
||
| Line 200: | Line 200: | ||
#Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr | #Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr | ||
</source> | </source> | ||
Because i'm not permitted to create the discussion page, commenting here: Shouldn't HostKeyAlgorithms (above and below) 1) have ecdsa-sha2-nistp256-cert-v01@openssh.com after ecdsa-sha2-nistp384-cert-v01@openssh.com and 2) not list all openssh.com variants first but primarily order by algorithm? | |||
New suggestion: | |||
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp256 | |||
-[[User:JanZerebecki|JanZerebecki]] ([[User talk:JanZerebecki|talk]]) 10:28, 2 March 2015 (PST) | |||
=== '''Intermediate''' (connects to older servers) === | === '''Intermediate''' (connects to older servers) === | ||