Re: disabling diffie-hellman-group1-sha1

From: Darren Tucker (dtucker_at_gate.dodgy.net.au)
Date: 09/27/05

• Next message: jussij_at_zeusedit.com: "Re: How to run a command after logging using a SFTP client.."
• Previous message: Darren Tucker: "Re: SSH Tunneling On Demand"
• In reply to: JustReplyByPost_at_spambucket.net: "disabling diffie-hellman-group1-sha1"
• Next in thread: JustReplyByPost_at_spambucket.net: "Re: disabling diffie-hellman-group1-sha1"
• Reply: JustReplyByPost_at_spambucket.net: "Re: disabling diffie-hellman-group1-sha1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 27 Sep 2005 00:57:00 GMT

On 2005-09-26, JustReplyByPost@spambucket.net
   <JustReplyByPost@spambucket.net> wrote:
> My company uses Foundstone to scan for security vulnerabilities and it is
> telling me that I should disable the diffie-hellman-group1-sha1 key
> exchange algorithm.
[...]
> Fine and dandy. Is there even a way to do this in the sshd_conf? I am
> using a mix of openssh and solaris ssh.

In OpenSSH: no, you would have to modify the source. In SunSSH: don't know.

I'm not sure it's a good idea, though. diffie-hellman-group1-sha1 is
mandatory in the spec.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

• Next message: jussij_at_zeusedit.com: "Re: How to run a command after logging using a SFTP client.."
• Previous message: Darren Tucker: "Re: SSH Tunneling On Demand"
• In reply to: JustReplyByPost_at_spambucket.net: "disabling diffie-hellman-group1-sha1"
• Next in thread: JustReplyByPost_at_spambucket.net: "Re: disabling diffie-hellman-group1-sha1"
• Reply: JustReplyByPost_at_spambucket.net: "Re: disabling diffie-hellman-group1-sha1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: tcsetpgrp() ... Which SSH implementation and version thereof are you running? ... On QNX the pty allocation process apparently ... In the next release of OpenSSH, ... Good judgement comes with experience. ... (comp.security.ssh) Re: SSH Connecting through Firewall ... >client to use HTTPS or FTP proxy. ... There is no such option in the OpenSSH ... Good judgement comes with experience. ... (comp.security.ssh) Re: Adding "X11UseLocalhost no" to /etc/ssh/sshd_config breaks x forwarding ... telnet: Unable to connect to remote host: Connection refused ... has been turned off either by Openssh or by Red Hat. ... feature or a bug I am unsure, there are warnings in the man page ... Good judgement comes with experience. ... (SSH) Re: Solaris 9 sshd<---> Cygwin/X ssh Problems ... >uses a Solaris box as an sshd server? ... I don't know if this exists in SunSSH but for OpenSSH this can be caused ... Good judgement comes with experience. ... (comp.security.ssh) Re: Tacacs and OpenSSH ... attempting to integrate a Tacacs+ PAM with OpenSSH. ... There's a patch that may help at ... Good judgement comes with experience. ... (SSH)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint