From: Peter Müller
To: development@lists.ipfire.org
Subject: [PATCH 2/2] OpenSSH: Add ML-KEM x X25519 hybrid key exchange
Date: Sat, 21 Sep 2024 13:53:46 +0000
Message-ID: <20240921135346.701801-2-peter.mueller@ipfire.org>
In-Reply-To: <20240921135346.701801-1-peter.mueller@ipfire.org>

This was newly introduced in OpenSSH 9.9, hence our custom configurations for both SSH server and client need to be updated.

Signed-off-by: Peter Müller

--- config/ssh/ssh_config | 2 +- config/ssh/sshd_config | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config index 85c069dda..5a9ad85c5 100644 --- a/config/ssh/ssh_config +++ b/config/ssh/ssh_config @@ -9,7 +9,7 @@ Host * UseRoaming no =20 # Only use secure crypto algorithms - KexAlgorithms sntrup761x25519-sha512(a)openssh.com,curve25519-sha256= ,curve25519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256 + KexAlgorithms sntrup761x25519-sha512,mlkem768x25519-sha256,curve2551= 9-sha256,curve25519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,aes= 128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.com= ,umac-128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com =20 diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config index 76c9b3eb1..9229b6518 100644 --- a/config/ssh/sshd_config +++ b/config/ssh/sshd_config 
@@ -20,7 +20,7 @@ LoginGraceTime 30s MaxStartups 5 =20 # Only allow safe crypto algorithms -KexAlgorithms sntrup761x25519-sha512(a)openssh.com,curve25519-sha256,curve25= 519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256 +KexAlgorithms sntrup761x25519-sha512,mlkem768x25519-sha256,curve25519-sha256= ,curve25519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,aes128-gcm(= a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.com,umac-12= 8-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com =20
-- 
2.39.5
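
Review bot: the added KexAlgorithms line in config/ssh/ssh_config changes the first entry from "sntrup761x25519-sha512(a)openssh.com" to the bare "sntrup761x25519-sha512", and the commit message does not mention this; it only talks about the new ML-KEM exchange (the sshd_config hunk makes the same change). A peer that only offers the suffixed name would no longer match on that entry, so negotiation would settle on a later one in the list, which for such peers means losing the post-quantum hybrid and falling back to plain curve25519. Either keep the suffixed name in the list alongside the unsuffixed one, or say in the commit message that dropping the suffix is intended and why it is safe for the peers IPFire is expected to talk to.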
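
Review bot: the added KexAlgorithms line in config/ssh/sshd_config names "mlkem768x25519-sha256", which by the commit message exists only from OpenSSH 9.9 on, and sshd rejects its configuration and does not start when KexAlgorithms contains a name it does not know. The commit message should state that this file must only ship together with the 9.9 binaries, so that the config and the package cannot be installed or backported separately and leave a system without a running SSH daemon. It would also help to note that the update path was tested with a config syntax check (sshd -t) against the new list.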