Re: audit perspective: proof that all connections are encrypted
From: Nathan Jackson-Eeles (c.cured_at_gmail.com)
Date: 09/19/05
- In reply to: Florin Andrei: "audit perspective: proof that all connections are encrypted"
Date: Mon, 19 Sep 2005 13:02:37 +0200
To: secureshell@securityfocus.com
Florin,

I've worked mainly with the commercial versions of SSH, so I'm not
sure whether OpenSSH would allow a client connection with "Ciphers
none". In any case, you would want to modify your sshd_config to allow
only certain ciphers and MACs.

The appropriate keywords in the sshd_config are the following (see the
sshd_config man page for a list of values):

Ciphers <comma-separated list of allowed ciphers>
(for protocol version 2 only!!)

MACs <list of algorithms>
(important to note here is that for FIPS 140-2 validation you cannot
use MD5; I'm not sure how the use of MD5 would go down with a SOX
audit???)

HTH
Nathan
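
An added example, not part of Nathan's message: a Python check an auditor could run over an sshd_config to confirm the Ciphers and MACs restrictions described above. The sample configs are constructed, and the script assumes OpenSSH-style parsing of a single file with no Include directives.

```python
import re

# Constructed sample configs for illustration (not from the original message).
WEAK_CONFIG = """\
Protocol 2
Ciphers aes128-cbc,none
MACs hmac-md5,hmac-sha1
"""
STRICT_CONFIG = """\
Protocol 2
Ciphers aes128-ctr,aes256-ctr
MACs hmac-sha2-256,hmac-sha2-512
"""

# Keyword, then whitespace or "=", then the argument; comment lines never match.
LINE = re.compile(r"^([A-Za-z]+)(?:\s*=\s*|\s+)(.+)$")


def first_values(config_text):
    """Map lowercased keyword -> value; OpenSSH keeps the first value it reads."""
    seen = {}
    for raw in config_text.splitlines():
        match = LINE.match(raw.strip())
        if match:
            seen.setdefault(match.group(1).lower(), match.group(2))
    return seen


def audit(config_text):
    """Return findings for the Ciphers and MACs keywords (empty list = pass)."""
    cfg = first_values(config_text)
    findings = []
    for keyword in ("ciphers", "macs"):
        value = cfg.get(keyword)
        if value is None:
            findings.append(f"{keyword}: not set, built-in defaults apply")
        elif value[0] in "+-^":
            # Newer OpenSSH: list modifies the defaults, so it is not an allow-list.
            findings.append(f"{keyword}: relative to defaults, review effective list")
        else:
            for alg in (a.strip() for a in value.split(",")):
                if keyword == "ciphers" and alg.lower() == "none":
                    findings.append("ciphers: 'none' listed (no encryption)")
                if keyword == "macs" and "md5" in alg.lower():
                    findings.append(f"macs: {alg} is MD5-based")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("strict", STRICT_CONFIG)):
        print(name, audit(text) or "OK")
```

A missing keyword is reported as a finding because an unset Ciphers or MACs line leaves the choice to the server's built-in defaults rather than to an explicit allow-list.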