
linux:ssh_crypto

linux:ssh_crypto [2025/01/16 17:40]
manu [Custom modules]
linux:ssh_crypto [2025/01/16 17:41] (current)
manu
Line 35: Line 35:
 CRYPTO_POLICY='​-oCiphers=aes256-gcm@openssh.com,​chacha20-poly1305@openssh.com,​aes256-ctr,​aes256-cbc,​aes128-gcm@openssh.com,​aes128-ctr,​aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com,​hmac-sha1-etm@openssh.com,​umac-128-etm@openssh.com,​hmac-sha2-512-etm@openssh.com,​hmac-sha2-256,​hmac-sha1,​umac-128@openssh.com,​hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-curve25519-sha256-,​gss-nistp256-sha256-,​gss-group14-sha256-,​gss-group16-sha512-,​gss-gex-sha1-,​gss-group14-sha1- -oKexAlgorithms=curve25519-sha256,​curve25519-sha256@libssh.org,​ecdh-sha2-nistp256,​ecdh-sha2-nistp384,​ecdh-sha2-nistp521,​diffie-hellman-group-exchange-sha256,​diffie-hellman-group14-sha256,​diffie-hellman-group16-sha512,​diffie-hellman-group18-sha512,​diffie-hellman-group-exchange-sha1,​diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com,​ssh-rsa,​ssh-rsa-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com,​ssh-rsa,​ssh-rsa-cert-v01@openssh.com -oCASignatureAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp521,​ssh-ed25519,​rsa-sha2-256,​rsa-sha2-512,​ssh-rsa'​ CRYPTO_POLICY='​-oCiphers=aes256-gcm@openssh.com,​chacha20-poly1305@openssh.com,​aes256-ctr,​aes256-cbc,​aes128-gcm@openssh.com,​aes128-ctr,​aes128-cbc 
-oMACs=hmac-sha2-256-etm@openssh.com,​hmac-sha1-etm@openssh.com,​umac-128-etm@openssh.com,​hmac-sha2-512-etm@openssh.com,​hmac-sha2-256,​hmac-sha1,​umac-128@openssh.com,​hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-curve25519-sha256-,​gss-nistp256-sha256-,​gss-group14-sha256-,​gss-group16-sha512-,​gss-gex-sha1-,​gss-group14-sha1- -oKexAlgorithms=curve25519-sha256,​curve25519-sha256@libssh.org,​ecdh-sha2-nistp256,​ecdh-sha2-nistp384,​ecdh-sha2-nistp521,​diffie-hellman-group-exchange-sha256,​diffie-hellman-group14-sha256,​diffie-hellman-group16-sha512,​diffie-hellman-group18-sha512,​diffie-hellman-group-exchange-sha1,​diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com,​ssh-rsa,​ssh-rsa-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com,​ssh-rsa,​ssh-rsa-cert-v01@openssh.com -oCASignatureAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp521,​ssh-ed25519,​rsa-sha2-256,​rsa-sha2-512,​ssh-rsa'​
  
-[root@lnxa100 crypto-policies]#​ cat FUTURE/​openssh.txt +[root@lnxa100 crypto-policies]#​ cat /​usr/​share/​crypto-policies/​DEFAULT/​openssh.txt 
-Ciphers aes256-gcm@openssh.com,​chacha20-poly1305@openssh.com,​aes256-ctr +Ciphers aes256-gcm@openssh.com,​chacha20-poly1305@openssh.com,​aes256-ctr,​aes256-cbc,​aes128-gcm@openssh.com,​aes128-ctr,​aes128-cbc 
-MACs hmac-sha2-256-etm@openssh.com,​umac-128-etm@openssh.com,​hmac-sha2-512-etm@openssh.com,​hmac-sha2-256,​umac-128@openssh.com,​hmac-sha2-512 +MACs hmac-sha2-256-etm@openssh.com,​hmac-sha1-etm@openssh.com,​umac-128-etm@openssh.com,​hmac-sha2-512-etm@openssh.com,​hmac-sha2-256,hmac-sha1,​umac-128@openssh.com,​hmac-sha2-512 
-GSSAPIKexAlgorithms gss-curve25519-sha256-,​gss-nistp256-sha256-,​gss-group16-sha512- +GSSAPIKexAlgorithms gss-curve25519-sha256-,​gss-nistp256-sha256-,​gss-group14-sha256-,​gss-group16-sha512-,​gss-gex-sha1-,​gss-group14-sha1
-KexAlgorithms curve25519-sha256,​curve25519-sha256@libssh.org,​ecdh-sha2-nistp256,​ecdh-sha2-nistp384,​ecdh-sha2-nistp521,​diffie-hellman-group-exchange-sha256,​diffie-hellman-group16-sha512,​diffie-hellman-group18-sha512 +KexAlgorithms curve25519-sha256,​curve25519-sha256@libssh.org,​ecdh-sha2-nistp256,​ecdh-sha2-nistp384,​ecdh-sha2-nistp521,​diffie-hellman-group-exchange-sha256,​diffie-hellman-group14-sha256,​diffie-hellman-group16-sha512,​diffie-hellman-group18-sha512,​diffie-hellman-group-exchange-sha1,​diffie-hellman-group14-sha1 
-PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com +PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com,​ssh-rsa,​ssh-rsa-cert-v01@openssh.com 
-CASignatureAlgorithms ecdsa-sha2-nistp256,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp521,​ssh-ed25519,​rsa-sha2-256,​rsa-sha2-512+CASignatureAlgorithms ecdsa-sha2-nistp256,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp521,​ssh-ed25519,​rsa-sha2-256,​rsa-sha2-512,ssh-rsa
 </​cli>​ </​cli>​
  
 +<cli>
 [root@lnxa100 crypto-policies]#​ cat FUTURE/​opensshserver.txt [root@lnxa100 crypto-policies]#​ cat FUTURE/​opensshserver.txt
 CRYPTO_POLICY='​-oCiphers=aes256-gcm@openssh.com,​chacha20-poly1305@openssh.com,​aes256-ctr -oMACs=hmac-sha2-256-etm@openssh.com,​umac-128-etm@openssh.com,​hmac-sha2-512-etm@openssh.com,​hmac-sha2-256,​umac-128@openssh.com,​hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-curve25519-sha256-,​gss-nistp256-sha256-,​gss-group16-sha512- -oKexAlgorithms=curve25519-sha256,​curve25519-sha256@libssh.org,​ecdh-sha2-nistp256,​ecdh-sha2-nistp384,​ecdh-sha2-nistp521,​diffie-hellman-group-exchange-sha256,​diffie-hellman-group16-sha512,​diffie-hellman-group18-sha512 -oHostKeyAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com -oCASignatureAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp521,​ssh-ed25519,​rsa-sha2-256,​rsa-sha2-512'​ CRYPTO_POLICY='​-oCiphers=aes256-gcm@openssh.com,​chacha20-poly1305@openssh.com,​aes256-ctr -oMACs=hmac-sha2-256-etm@openssh.com,​umac-128-etm@openssh.com,​hmac-sha2-512-etm@openssh.com,​hmac-sha2-256,​umac-128@openssh.com,​hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-curve25519-sha256-,​gss-nistp256-sha256-,​gss-group16-sha512- -oKexAlgorithms=curve25519-sha256,​curve25519-sha256@libssh.org,​ecdh-sha2-nistp256,​ecdh-sha2-nistp384,​ecdh-sha2-nistp521,​diffie-hellman-group-exchange-sha256,​diffie-hellman-group16-sha512,​diffie-hellman-group18-sha512 
-oHostKeyAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com -oCASignatureAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp521,​ssh-ed25519,​rsa-sha2-256,​rsa-sha2-512'​
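Review bot: The listing that now follows `cat /usr/share/crypto-policies/DEFAULT/openssh.txt` offers SHA-1 and CBC entries (`hmac-sha1`, `aes256-cbc`, `aes128-cbc`, `diffie-hellman-group14-sha1`, `ssh-rsa`) that the removed FUTURE listing did not, and nothing visible in the hunk says so. A one-line caption above the block, for example `DEFAULT client policy: still offers SHA-1 and CBC algorithms; FUTURE drops them`, would keep readers from copying it as a hardened set, and a pointer to `update-crypto-policies --show` would tell them which policy is active on their host. The new `GSSAPIKexAlgorithms` line appears to end in `gss-group14-sha1` without the trailing `-` that the `CRYPTO_POLICY` line above it carries; this may be a rendering artifact, so it is worth checking against the file. The `<cli>` block that closes just before the added `<cli>` tag opens outside this hunk, and the FUTURE server block at the end continues past it.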
linux/ssh_crypto.1737045622.txt.gz · Last modified: 2025/01/16 17:40 by manu