[CentOS] sshd key exchange security
Chris Adams
linux at cmadams.netFri Sep 11 15:44:26 UTC 2015
- Previous message: [CentOS] sshd key exchange security
- Next message: [CentOS] sshd key exchange security
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Once upon a time, Alice Wonder <alice at domblogger.net> said: > They recommend setting the following: > > KexAlgorithms curve25519-sha256 at libssh.org > > I don't even see that directive in my sshd config to set it, I > suppose it may be one that is manually added when needed but I want > to verify it actually means something in CentOS 7 ssh. > > Also I'm a little worried that maybe curve25519 is one of the curves > that Red Hat (and thus CentOS 7) doesn't support due to patent > concerns. That is supported in the CentOS 7 version of OpenSSH. Look at the man page for sshd_config and you'll see the KexAlgorithms option listed and its valid values. You can always see what your exact copy and config of OpenSSH are using by running "sshd -T". However, if you set it as above, you would _only_ be able to connect with that algorithm, and not all SSH clients support that (even for example OpenSSH on CentOS 6). -- Chris Adams <linux at cmadams.net>
- Previous message: [CentOS] sshd key exchange security
- Next message: [CentOS] sshd key exchange security
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list