

linux:ssh_crypto

Differences

This shows you the differences between two versions of the page.


linux:ssh_crypto [2024/12/06 10:23]
manu
linux:ssh_crypto [2025/01/16 17:41] (current)
manu
Line 29: Line 29:
 The naming of these files must follow the following convention: <​MODULE>​.pmod,​ where <​MODULE>​ is the name of the modifier in uppercase without spaces, and .pmod is the file extension in lowercase. ​ The naming of these files must follow the following convention: <​MODULE>​.pmod,​ where <​MODULE>​ is the name of the modifier in uppercase without spaces, and .pmod is the file extension in lowercase. ​
  
-The location of these files should be /​etc/​crypto-policies/​policies/​modules folder (or the /​usr/​share/​crypto-policies/​policies/​modules folder if they are in installed packages).
+The location of these files should be **/​etc/​crypto-policies/​policies/​modules** folder (or the /​usr/​share/​crypto-policies/​policies/​modules folder if they are in installed packages).
  
 +<cli>
 +[root@lnxa100 crypto-policies]#​ cat /​usr/​share/​crypto-policies/​DEFAULT/​opensshserver.txt
 +CRYPTO_POLICY='​-oCiphers=aes256-gcm@openssh.com,​chacha20-poly1305@openssh.com,​aes256-ctr,​aes256-cbc,​aes128-gcm@openssh.com,​aes128-ctr,​aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com,​hmac-sha1-etm@openssh.com,​umac-128-etm@openssh.com,​hmac-sha2-512-etm@openssh.com,​hmac-sha2-256,​hmac-sha1,​umac-128@openssh.com,​hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-curve25519-sha256-,​gss-nistp256-sha256-,​gss-group14-sha256-,​gss-group16-sha512-,​gss-gex-sha1-,​gss-group14-sha1- -oKexAlgorithms=curve25519-sha256,​curve25519-sha256@libssh.org,​ecdh-sha2-nistp256,​ecdh-sha2-nistp384,​ecdh-sha2-nistp521,​diffie-hellman-group-exchange-sha256,​diffie-hellman-group14-sha256,​diffie-hellman-group16-sha512,​diffie-hellman-group18-sha512,​diffie-hellman-group-exchange-sha1,​diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com,​ssh-rsa,​ssh-rsa-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com,​ssh-rsa,​ssh-rsa-cert-v01@openssh.com -oCASignatureAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp521,​ssh-ed25519,​rsa-sha2-256,​rsa-sha2-512,​ssh-rsa'​
 +
 +[root@lnxa100 crypto-policies]#​ cat /​usr/​share/​crypto-policies/​DEFAULT/​openssh.txt
 +Ciphers aes256-gcm@openssh.com,​chacha20-poly1305@openssh.com,​aes256-ctr,​aes256-cbc,​aes128-gcm@openssh.com,​aes128-ctr,​aes128-cbc
 +MACs hmac-sha2-256-etm@openssh.com,​hmac-sha1-etm@openssh.com,​umac-128-etm@openssh.com,​hmac-sha2-512-etm@openssh.com,​hmac-sha2-256,​hmac-sha1,​umac-128@openssh.com,​hmac-sha2-512
 +GSSAPIKexAlgorithms gss-curve25519-sha256-,​gss-nistp256-sha256-,​gss-group14-sha256-,​gss-group16-sha512-,​gss-gex-sha1-,​gss-group14-sha1-
 +KexAlgorithms curve25519-sha256,​curve25519-sha256@libssh.org,​ecdh-sha2-nistp256,​ecdh-sha2-nistp384,​ecdh-sha2-nistp521,​diffie-hellman-group-exchange-sha256,​diffie-hellman-group14-sha256,​diffie-hellman-group16-sha512,​diffie-hellman-group18-sha512,​diffie-hellman-group-exchange-sha1,​diffie-hellman-group14-sha1
 +PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com,​ssh-rsa,​ssh-rsa-cert-v01@openssh.com
 +CASignatureAlgorithms ecdsa-sha2-nistp256,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp521,​ssh-ed25519,​rsa-sha2-256,​rsa-sha2-512,​ssh-rsa
 +</​cli>​
 +
 +<cli>
 +[root@lnxa100 crypto-policies]#​ cat FUTURE/​opensshserver.txt
 +CRYPTO_POLICY='​-oCiphers=aes256-gcm@openssh.com,​chacha20-poly1305@openssh.com,​aes256-ctr -oMACs=hmac-sha2-256-etm@openssh.com,​umac-128-etm@openssh.com,​hmac-sha2-512-etm@openssh.com,​hmac-sha2-256,​umac-128@openssh.com,​hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-curve25519-sha256-,​gss-nistp256-sha256-,​gss-group16-sha512- -oKexAlgorithms=curve25519-sha256,​curve25519-sha256@libssh.org,​ecdh-sha2-nistp256,​ecdh-sha2-nistp384,​ecdh-sha2-nistp521,​diffie-hellman-group-exchange-sha256,​diffie-hellman-group16-sha512,​diffie-hellman-group18-sha512 -oHostKeyAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com -oCASignatureAlgorithms=ecdsa-sha2-nistp256,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp521,​ssh-ed25519,​rsa-sha2-256,​rsa-sha2-512'​
 +
 +[root@lnxa100 crypto-policies]#​ cat FUTURE/​openssh.txt
 +Ciphers aes256-gcm@openssh.com,​chacha20-poly1305@openssh.com,​aes256-ctr
 +MACs hmac-sha2-256-etm@openssh.com,​umac-128-etm@openssh.com,​hmac-sha2-512-etm@openssh.com,​hmac-sha2-256,​umac-128@openssh.com,​hmac-sha2-512
 +GSSAPIKexAlgorithms gss-curve25519-sha256-,​gss-nistp256-sha256-,​gss-group16-sha512-
 +KexAlgorithms curve25519-sha256,​curve25519-sha256@libssh.org,​ecdh-sha2-nistp256,​ecdh-sha2-nistp384,​ecdh-sha2-nistp521,​diffie-hellman-group-exchange-sha256,​diffie-hellman-group16-sha512,​diffie-hellman-group18-sha512
 +PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,​ecdsa-sha2-nistp256-cert-v01@openssh.com,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp384-cert-v01@openssh.com,​ecdsa-sha2-nistp521,​ecdsa-sha2-nistp521-cert-v01@openssh.com,​ssh-ed25519,​ssh-ed25519-cert-v01@openssh.com,​rsa-sha2-256,​rsa-sha2-256-cert-v01@openssh.com,​rsa-sha2-512,​rsa-sha2-512-cert-v01@openssh.com
 +CASignatureAlgorithms ecdsa-sha2-nistp256,​ecdsa-sha2-nistp384,​ecdsa-sha2-nistp521,​ssh-ed25519,​rsa-sha2-256,​rsa-sha2-512
 +</​cli>​
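Review bot: The two added `<cli>` blocks are pasted directly under the paragraph about `.pmod` module locations with no sentence saying what they show, so a reader has to compare the algorithm lists by hand to see why both policies are listed. From the visible output, DEFAULT still offers `aes256-cbc`/`aes128-cbc`, `hmac-sha1` and `hmac-sha1-etm@openssh.com`, `diffie-hellman-group14-sha1` and `diffie-hellman-group-exchange-sha1`, and `ssh-rsa`, and FUTURE drops all of them along with the 128-bit AES entries. I would add a lead-in line before each block, for example `DEFAULT policy as shipped (still allows CBC ciphers, SHA-1 MACs/KEX and ssh-rsa):` and `FUTURE policy (CBC, SHA-1 and ssh-rsa removed):`. The second block also reads `FUTURE/opensshserver.txt` by relative path while the first uses `/usr/share/crypto-policies/DEFAULT/...`, so the full path should be spelled out there too, since the prompt only shows the directory name `crypto-policies`. It would also help to say which file is consumed by sshd and which by the ssh client, if the page does not already cover that outside this hunk.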