> Actually it doesn't.  You're talking about different things: he's
> asking about RSA key exchange (ie how the client and server arrive at
> a shared secret, ie http://www.ietf.org/rfc/rfc4432.txt), but you're
> talking about RSA host key algorithms (ie how the server proves it is
> who you think it is, which happens later in the connection).
Does it prevent a man-in-the-middle attack?

> 
> Here's the list of supported key exchange algorithms (from
> usr.bin/ssh/myproposal.h):
> 
> #define KEX_DEFAULT_KEX         \
>         "ecdh-sha2-nistp256," \
>         "ecdh-sha2-nistp384," \
>         "ecdh-sha2-nistp521," \
>         "diffie-hellman-group-exchange-sha256," \
>         "diffie-hellman-group-exchange-sha1," \
>         "diffie-hellman-group14-sha1," \
>         "diffie-hellman-group1-sha1"
> 
> so no "rsa1024-sha1" or "rsa2048-sha256".
> 
> To the original question:
>  - Putty implements the client side, which makes me wonder what they
> tested against.  Ben Harris mentioned that his initial implementation
> used OpenSSH.  I don't know if the code is available anywhere, but it
> might be.
>  - the threads on the ietf working group lists mentioned der Mouse
> implemented it, so it's probably in
> http://sparkle.rodents-montreal.org/mouseware/local-src/moussh/moussh/.
> 
> On a related topic: I added an openssh specs page recently
> (http://www.openssh.com/specs.html) which should be the authoritative
> reference for what is supported.  Corrections are welcome (but before
> someone says "RFC6594", note that I'm trying to keep it accurate for
> the most recent release).
> 
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
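
As an added example (not code from the thread or from OpenSSH), the KEX_DEFAULT_KEX macro quoted above parsed into its SSH name-list and run through the RFC 4253 section 7.1 negotiation rule; the client proposals are constructed, and the guess-first (first_kex_packet_follows) handling is left out.

```python
# Added example: parse the KEX_DEFAULT_KEX macro quoted above into an SSH
# name-list and negotiate a key-exchange method the way RFC 4253 s7.1 does.
import re

# The macro text exactly as quoted from usr.bin/ssh/myproposal.h.
KEX_DEFAULT_KEX_MACRO = r'''
#define KEX_DEFAULT_KEX         \
        "ecdh-sha2-nistp256," \
        "ecdh-sha2-nistp384," \
        "ecdh-sha2-nistp521," \
        "diffie-hellman-group-exchange-sha256," \
        "diffie-hellman-group-exchange-sha1," \
        "diffie-hellman-group14-sha1," \
        "diffie-hellman-group1-sha1"
'''


def parse_name_list(macro_text):
    """Concatenate the adjacent C string literals (as the C compiler would)
    and split the resulting SSH name-list on commas."""
    joined = "".join(re.findall(r'"([^"]*)"', macro_text))
    return [name for name in joined.split(",") if name]


def negotiate_kex(client_list, server_list):
    """RFC 4253 s7.1: the chosen method is the first one on the client's
    list that the server also lists; None means the peers must disconnect."""
    server_set = set(server_list)
    for name in client_list:
        if name in server_set:
            return name
    return None


if __name__ == "__main__":
    server = parse_name_list(KEX_DEFAULT_KEX_MACRO)
    # Constructed client proposals (hypothetical): one that prefers the
    # RFC 4432 RSA methods but falls back to DH, one that offers RSA only.
    mixed = ["rsa2048-sha256", "rsa1024-sha1", "diffie-hellman-group14-sha1"]
    rsa_only = ["rsa2048-sha256", "rsa1024-sha1"]
    print(negotiate_kex(mixed, server))     # diffie-hellman-group14-sha1
    print(negotiate_kex(rsa_only, server))  # None
```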
