Re: SSH key algorithm updates
denis bider <ietf-ssh3@denisbider.com> Sat, 07 November 2015 09:31 UTC
Date: Fri, 06 Nov 2015 17:59:00 +0000
Subject: Re: SSH key algorithm updates
From: denis bider <ietf-ssh3@denisbider.com>
To: Max Horn <postbox@quendi.de>
Cc: ietf-ssh@NetBSD.org

> Also, of course there are implementations missing (one notable
> is Bitvise's; I started work on that, but had a hard time finding
> a reliable source for what they actually support and what not).

If you can run a Windows executable, you can simply download our stuff from our website:

https://www.bitvise.com/

Both the client and the server are free for use that is both personal and non-commercial. The client goes further than that, and is also free for individual use in organizations.

The following is what a default SSH Server installation (latest version 6.43) supports and enables at the moment. All algorithms listed are supported. Only the "true" ones are enabled by default:

    > q algs.*
    With kex {
      ecdhSecp256k1     true
      ecdhNistp256      true
      ecdhNistp384      true
      ecdhNistp521      true
      dhGexSha256       true
      dhGexSha1         true
      dhG1Sha1          false
      dhG14Sha1         true
      gssG1Sha1Krb5     false
      gssG14Sha1Krb5    true
      gssGexSha1Krb5    true
    }
    With encr {
      aes256-ctr        true
      aes192-ctr        true
      aes128-ctr        true
      3des-ctr          true
      aes256-cbc        false
      aes192-cbc        false
      aes128-cbc        false
      3des-cbc          false
      none              false
    }
    With mac {
      hmac-sha2-256     true
      hmac-sha1         true
      hmac-md5          false
      hmac-sha2-256-96  false
      hmac-sha1-96      false
      hmac-md5-96       false
      none              false
    }
    With cmpr {
      zlib              true
      none              true
      delayCompression  false
    }

Supported host key algorithms are:

    ssh-rsa
    ssh-dss
    ecdsa-sha2 over secp256k1
    ecdsa-sha2 over nistp256
    ecdsa-sha2 over nistp384
    ecdsa-sha2 over nistp521

Algorithms supported by our client mirror those in the server.

denis

----- Original Message -----
From: Max Horn
Sent: Friday, November 6, 2015 03:08
To: ietf-ssh@NetBSD.org
Cc: Mark D. Baushke
Subject: Re: SSH key algorithm updates

Hi there,

just joined the list, but saw on the list archive that a few days ago, Mark D. Baushke wrote on this thread:

> It would be useful to see what other protocols various SSH implementers
> have been adding and see if there is a desire to move any of them into a
> recommended or optional standard.

As a matter of fact, I started such a page some time ago:

http://ssh-comparison.quendi.de/
http://ssh-comparison.quendi.de/comparison.html

I tried my best to make it accurate, but of course cannot exclude mistakes. Also, of course there are implementations missing (one notable is Bitvise's; I started work on that, but had a hard time finding a reliable source for what they actually support and what not).

Anyway, issue reports and pull requests (also with info on additional implementations) are most welcome:

https://github.com/fingolfin/ssh-comparison

The comparison page shows for example that hmac-sha2-256 and hmac-sha2-512 support is quite good now; one notable SSH library not implementing it yet in a released version is libssh2, but they will have it in the next release (the code is in their repository already), which in turn should allow various clients based on it to support it. Another exception is lsh.

Cheers,
max
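
Added example, not part of the original message and not Bitvise's or the comparison project's code: a small Python parser for the "q algs.*" listing quoted in the message above, splitting each section into algorithms enabled by default and those supported but disabled, the distinction a comparison table needs. The function names and the LISTING constant (the listing's tokens copied from the message, one section per line) are constructed for this example.

```python
import re

# Constructed input: the "With <section> { name flag ... }" listing from the
# message, whitespace-flattened. Token order is unchanged.
LISTING = """
With kex { ecdhSecp256k1 true ecdhNistp256 true ecdhNistp384 true ecdhNistp521 true dhGexSha256 true dhGexSha1 true dhG1Sha1 false dhG14Sha1 true gssG1Sha1Krb5 false gssG14Sha1Krb5 true gssGexSha1Krb5 true }
With encr { aes256-ctr true aes192-ctr true aes128-ctr true 3des-ctr true aes256-cbc false aes192-cbc false aes128-cbc false 3des-cbc false none false }
With mac { hmac-sha2-256 true hmac-sha1 true hmac-md5 false hmac-sha2-256-96 false hmac-sha1-96 false hmac-md5-96 false none false }
With cmpr { zlib true none true delayCompression false }
"""

SECTION = re.compile(r"With\s+(\w+)\s*\{([^}]*)\}")


def parse_algs(text):
    """Return {section: {algorithm: enabled}} for every 'With' block in text.

    Parsing is token based, so it accepts the listing with or without its
    original line breaks. Malformed sections raise ValueError instead of
    silently shifting names and flags against each other.
    """
    result = {}
    for section, body in SECTION.findall(text):
        tokens = body.split()
        if len(tokens) % 2:
            raise ValueError(f"section {section!r}: name without a flag")
        algs = {}
        for name, flag in zip(tokens[::2], tokens[1::2]):
            if flag not in ("true", "false"):
                raise ValueError(f"section {section!r}: bad flag {flag!r}")
            algs[name] = flag == "true"
        result[section] = algs
    return result


def enabled(parsed, section):
    """Algorithms in a section that are on in the default configuration."""
    return [name for name, on in parsed[section].items() if on]


def supported_but_disabled(parsed, section):
    """Algorithms the server implements but leaves off by default."""
    return [name for name, on in parsed[section].items() if not on]


if __name__ == "__main__":
    parsed = parse_algs(LISTING)
    for section in parsed:
        print(section, "enabled:", ", ".join(enabled(parsed, section)))
        print(section, "disabled:", ", ".join(supported_but_disabled(parsed, section)))
```
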