[CentOS] sshd key exchange security
Alice Wonder
alice at domblogger.net
Fri Sep 11 15:35:49 UTC 2015
I was reading https://weakdh.org/sysadmin.html

They also have a very interesting paper as a PDF.

Anyway it appears that most ssh servers, when using DHE key exchange, use the 1024-bit Oakley Group 2 and there is suspicion the NSA has done the pre-computations needed to passively decrypt any TLS communication using DHE with that particular prime group.

They recommend setting the following:

KexAlgorithms curve25519-sha256@libssh.org

I don't even see that directive in my sshd config to set it. I suppose it may be one that is manually added when needed, but I want to verify it actually means something in CentOS 7 ssh.

Also I'm a little worried that maybe curve25519 is one of the curves that Red Hat (and thus CentOS 7) doesn't support due to patent concerns. If it is, is there a suggestion on what curve should be used instead?
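
Added example, not part of the original message: a shell sketch for auditing the key-exchange list an sshd reports, flagging the fixed 1024-bit Oakley Group 2 algorithm the post describes. The function names, verdict labels and the sample `sshd -T` text are constructed for illustration; "OK" here only means the algorithm does not depend on a 1024-bit finite-field group.

```shell
#!/bin/sh
# Classify each SSH key-exchange algorithm by the DH group it relies on.
# Prints "<verdict> <algorithm>" per line.
classify_kex() {
    # $1: comma-separated list, the format used by KexAlgorithms
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r alg; do
        case "$alg" in
            '') ;;
            diffie-hellman-group1-sha1)
                echo "WEAK $alg" ;;          # fixed 1024-bit Oakley Group 2
            diffie-hellman-group-exchange-*)
                echo "CHECK-MODULI $alg" ;;  # group size depends on the server's moduli file
            curve25519-*|ecdh-sha2-*|diffie-hellman-group14-*)
                echo "OK $alg" ;;            # elliptic curve, or 2048-bit Oakley Group 14
            *)
                echo "UNKNOWN $alg" ;;
        esac
    done
}

# Read `sshd -T` style output on stdin, classify its kexalgorithms line,
# and return non-zero if any enabled algorithm is WEAK.
audit_sshd_kex() {
    list=$(awk 'tolower($1) == "kexalgorithms" { print $2; exit }')
    [ -n "$list" ] || { echo "no kexalgorithms line found" >&2; return 2; }
    report=$(classify_kex "$list")
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q '^WEAK '
}

# Constructed sample shaped like `sshd -T` output (not captured from a real host).
SAMPLE_SSHD_T='port 22
kexalgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
ciphers aes128-ctr'

# On a live server (as root):            sshd -T | audit_sshd_kex
# Algorithms the installed build knows:  ssh -Q kex
printf '%s\n' "$SAMPLE_SSHD_T" | audit_sshd_kex || echo "weak key exchange enabled"
```

If `ssh -Q kex` does not list `curve25519-sha256@libssh.org`, the installed build does not support it and the directive cannot enable it.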