Hi,

Based on the charts I already sent and using the recommendations from:

https://stribika.github.io/2015/01/04/secure-secure-shell.html

and the openssh 7.0 release notes:

http://www.openssh.com/txt/release-7.0

Here are some suggestions for changing the default things that are attempted. I think non-default support for all should be left in for some time, so that if needed they can be enabled on a case-to-case basis. Again, this is only about changing the defaults, not removing things (yet).

Also, Colin has expressed interest in trying to stick with upstream's defaults as much as possible. So the recommendations here are maybe things we want to see happen in upstream rather than just in Debian. As Debian is one of the more conservative distros, if _we_ think it can be dropped from the default, hopefully upstream does too!

These are recommendations for stretch/sid primarily, but I also think they should be considered for jessie (or at least backported to jessie-backports, and wheezy-backports-sloppy once in stretch).

Keys
====

get rid of
* ssh-dss*: too small (1024), disabled upstream in 7.0
* NIST curves: known bad

keep:
* ssh-rsa*: existed forever, sha1 not a problem (as explained in above URL)
* ssh-ed25519*: introduced in jessie

Kex
===

get rid of
* NIST curves: known bad
* diffie-hellman-group1-sha1: too small (1024) and sha1
* diffie-hellman-group14-sha1: sha1
* diffie-hellman-group-exchange-sha1: sha1

keep
* curve25519-sha256: introduced in jessie
* diffie-hellman-group-exchange-sha256: has existed since squeeze at least

Ciphers
=======

get rid of
* 3des-cbc: DES is broken
* arcfour: RC4 is broken, disabled upstream in 7.0
* cast128-cbc: block size too small (64), disabled upstream in 7.0
* blowfish-cbc: disabled upstream in 7.0
* rijndael-...@lysator.liu.se: disabled upstream in 7.0

keep
* aes*-cbc: since squeeze
* aes*-ctr: since squeeze
* aes*-gcm: since squeeze
* chacha20-poly1...@openssh.com: since jessie

MACs
====

get rid of
* *md5*: MD5 is weak, disabled upstream in 7.0
* *sha1*: SHA1 is weak
* umac-64*: tag too small (64)

keep
* hmac-ripemd160: since squeeze
* hmac-sha2-*: since squeeze
* umac-128: since jessie
* hmac-ripemd160-...@openssh.com: since jessie
* hmac-sha2-*-e...@openssh.com: since jessie

I _think_ because options remain in each thing that were available in all older releases, these recommendations should allow interop back to squeeze. (and further if enabled case-by-case of course)

Thanks,

-- 
Matt Taggart
tagg...@debian.org
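
The lists in the message above can be checked mechanically against an existing server configuration. The following is an added example, not part of the original message and not Debian or OpenSSH code; `POLICY`, `classify`, `audit` and `SAMPLE` are hypothetical names, and the mapping of "NIST curves" to the `*-nistp*` algorithm names is an assumption.

```python
from fnmatch import fnmatchcase

# Globs transcribed from the message above. Assumptions: "NIST curves" means
# the *-nistp* names; a trailing "*" covers variants, @-suffixed names and the
# names that are truncated in the message.
POLICY = {
    "hostkeyalgorithms": {"drop": ["ssh-dss*", "ecdsa-sha2-nistp*"],
                          "keep": ["ssh-rsa*", "ssh-ed25519*"]},
    "kexalgorithms": {"drop": ["ecdh-sha2-nistp*", "diffie-hellman-group1-sha1",
                               "diffie-hellman-group14-sha1",
                               "diffie-hellman-group-exchange-sha1"],
                      "keep": ["curve25519-sha256*",
                               "diffie-hellman-group-exchange-sha256"]},
    "ciphers": {"drop": ["3des-cbc", "arcfour*", "cast128-cbc", "blowfish-cbc",
                         "rijndael-*"],
                "keep": ["aes*-cbc", "aes*-ctr", "aes*-gcm*", "chacha20-poly1*"]},
    "macs": {"drop": ["*md5*", "*sha1*", "umac-64*"],
             "keep": ["hmac-ripemd160*", "hmac-sha2-*", "umac-128*"]},
}

def classify(directive, name):
    """Return 'drop', 'keep' or 'unlisted' for one algorithm name."""
    for verdict in ("drop", "keep"):  # drop wins if both would match
        if any(fnmatchcase(name, g) for g in POLICY[directive][verdict]):
            return verdict
    return "unlisted"

def audit(config_text):
    """Map each algorithm directive in sshd_config-style text to verdicts."""
    findings = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in POLICY:
            continue
        directive = parts[0].lower()
        # A leading "+" (append-to-defaults syntax) is stripped before splitting.
        for name in parts[1].strip().lstrip("+").split(","):
            if name.strip():
                findings.setdefault(directive, {})[name.strip()] = classify(
                    directive, name.strip())
    return findings

SAMPLE = """\
# constructed sample, not taken from any real host
Ciphers aes128-ctr,3des-cbc,arcfour
MACs hmac-sha2-256,hmac-md5,hmac-sha1,umac-64@openssh.com
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
HostKeyAlgorithms ssh-ed25519,ssh-dss
"""

if __name__ == "__main__":
    for directive, algos in audit(SAMPLE).items():
        for name, verdict in algos.items():
            print(f"{directive:18} {name:40} {verdict}")
```

Names reported as `unlisted` appear in neither list of the message and need a manual decision.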