possible SSH algorithm issues?

possible SSH algorithm issues?

lu hu
Hello,

I used https://www.sshaudit.com/ + the ssh-audit package.

###############################

By default, the OpenBSD 6.6 ssh client (SSH-2.0-OpenSSH_8.1) has issues:

Host Key Types: nistp should be removed
Key Exchange Algorithms: nistp should be removed, also diffie-hellman-group14-sha1: SHA-1 has exploitable weaknesses.
Message Authentication Codes: [hidden email] MAC uses small tag size. + [hidden email] SHA-1 has exploitable weaknesses.  + [hidden email] MAC uses small tag size. + hmac-sha1 SHA-1 has exploitable weaknesses.

###############################

By default, the OpenBSD 6.6 sshd server (SSH-2.0-OpenSSH_8.1) has issues:

# key exchange algorithms
(kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves
(kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves
(kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves

# host-key algorithms
(key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves

###############################

Are these real issues? nistp + weak MACs that ssh-audit advises removing?

Googled the misc archives, didn't find any discussion about these! (yet)

Many thanks.

Re: possible SSH algorithm issues?

Christian Weisgerber
On 2020-01-08, "lu hu" <[hidden email]> wrote:

> are these real issues?

No.

--
Christian "naddy" Weisgerber                          [hidden email]