On Wed, 28 Jan 2015, Jan Dušátko wrote:
ahoj Honzo,
>2) Je mozne zvolit jinou metodu sifrovani spojeni nez předvolené
>"3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "aes128-ctr",
>"aes192-ctr", "aes256-ctr", "arcfour128", "arcfour256", "arcfour",
>"blowfish-cbc", and "cast128-cbc"? Například aes v gcm modu, nebo misto RSA
>pouziti eliptickych krivek (ECDH/ECDHE) ? Dle dostupnych informaci to není
>mozne, rad bych si overil, zda jsem nic neprehledl. Nastesti lze vypnout
>kompresi nebo alespoň dat do stavu delayed.
http://www.openssh.com/txt/release-6.2
* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in
SSH protocol 2. The new cipher is available as aes128-...@openssh.com
and aes256-...@openssh.com. It uses an identical packet format to the
AES-GCM mode specified in RFC 5647, but uses simpler and different
selection rules during key exchange.
a pokud vim, uz OpenSSH uz dlouho podporuje elipticky krivky v KEX
(i kdyz jsem to nezkousel, tak nevim, na co narazis, kdyz rikas, ze to podle
dostupnych informaci neni mozne):
KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms. Multiple
algorithms must be comma-separated. The default is:
curve25519-sha...@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group14-sha1,
diffie-hellman-group-exchange-sha1,
diffie-hellman-group1-sha1
The list of available key exchange algorithms may also be obtained using
the -Q option of ssh(1) with an argument of “kex”.
h.
--
Jan Pechanec <jp (at) devnull (dot) cz>
http://www.devnull.cz
--
FreeBSD mailing list (users-l@freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l
