[arch-general] SSH security
Just wondering, how do Arch devs feel about implementing these recommendations by default in Arch's openssh package? Or would this be something worthy of an AUR package?
https://stribika.github.io/2015/01/04/secure-secure-shell.html
Especially interested in the moduli, KexAlgorithms, and Cipher selection config changes.
Cheers, Ido
On Tue, Jan 06, 2015 at 08:29:39AM -0500, Ido Rosen wrote:
> Just wondering, how do Arch devs feel about implementing these recommendations by default in Arch's openssh package? Or would this be something worthy of an AUR package?
> https://stribika.github.io/2015/01/04/secure-secure-shell.html
> Especially interested in the moduli, KexAlgorithms, and Cipher selection config changes.
> Cheers, Ido
Since Arch policy is no patch unless something breaks, this should go to upstream and try to get some of this stuff default from upstream.
-- Ike
On 01/06, Ido Rosen wrote:
> Or would this be something worthy of an AUR package?
That would be the way to go. Arch only ships vanilla packages where possible; a third-party patch from some stranger's blog won't make it into the official package.
Before going ahead with that, though, a note: I'm guessing you're concerned with security and privacy. That's good. However, I can virtually guarantee that the folks over at OpenBSD are much, much more serious about it than you or I, or the author of that blog you linked to. They've been paying attention to this from the beginning, and OpenSSH has been receiving regular updates to deal with it.[1] If you want to know what's being done about keeping OpenSSH up to snuff, follow its development.[2]
[1]: http://www.robesus.com/openssh-upgraded/
[2]: http://www.openssh.com/
--
"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools." - Douglas Adams
On 06.01.2015 at 14:29, Ido Rosen wrote:
> Just wondering, how do Arch devs feel about implementing these recommendations by default in Arch's openssh package? Or would this be something worthy of an AUR package?
> https://stribika.github.io/2015/01/04/secure-secure-shell.html
> Especially interested in the moduli, KexAlgorithms, and Cipher selection config changes.
I guess this would be a great topic for the Arch wiki. The latest OpenSSH version supports all these fine things (like ed25519 ecdh). If you want to improve things globally, try to talk to the OpenSSH developers about their defaults.
participants (4)
- Bigby James
- Ido Rosen
- Ike Devolder
- Thomas Bächler