From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter Müller To: development@lists.ipfire.org Subject: [PATCH v2 3/4] OpenSSH: Add alias name for sntrup761x25519-sha512 key exchange Date: Sat, 21 Sep 2024 15:29:59 +0000 Message-ID: <20240921153000.706916-3-peter.mueller@ipfire.org> In-Reply-To: <20240921153000.706916-1-peter.mueller@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7295398816986040182==" List-Id: --===============7295398816986040182== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This makes sure OpenSSH connections make use of this post-quantum key exchange whenever possible, even if one peer is still running OpenSSH 9.8 or older. Signed-off-by: Peter Müller --- config/ssh/ssh_config | 2 +- config/ssh/sshd_config | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/ssh/ssh_config b/config/ssh/ssh_config index 5a9ad85c5..86f123e28 100644 --- a/config/ssh/ssh_config +++ b/config/ssh/ssh_config @@ -9,7 +9,7 @@ Host * UseRoaming no =20 # Only use secure crypto algorithms - KexAlgorithms sntrup761x25519-sha512,mlkem768x25519-sha256,curve2551= 9-sha256,curve25519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256 + KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512(a)openss= h.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256(a)libssh.org,= diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,aes= 128-gcm(a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.com= ,umac-128-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com =20 diff --git a/config/ssh/sshd_config b/config/ssh/sshd_config index 9229b6518..421416705 100644 --- a/config/ssh/sshd_config +++ b/config/ssh/sshd_config 
@@ -20,7 +20,7 @@ LoginGraceTime 30s MaxStartups 5 =20 # Only allow safe crypto algorithms -KexAlgorithms sntrup761x25519-sha512,mlkem768x25519-sha256,curve25519-sha256= ,curve25519-sha256(a)libssh.org,diffie-hellman-group-exchange-sha256 +KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512(a)openssh.com,ml= kem768x25519-sha256,curve25519-sha256,curve25519-sha256(a)libssh.org,diffie-h= ellman-group-exchange-sha256 Ciphers chacha20-poly1305(a)openssh.com,aes256-gcm(a)openssh.com,aes128-gcm(= a)openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm(a)openssh.com,hmac-sha2-256-etm(a)openssh.com,umac-12= 8-etm(a)openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128(a)openssh.com =20 --=20 2.39.5 --===============7295398816986040182==--
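
Review bot: in the config/ssh/ssh_config hunk, the new KexAlgorithms line lists the same key exchange under two names, sntrup761x25519-sha512 and sntrup761x25519-sha512@openssh.com, and nothing in the file says why. The "# Only use secure crypto algorithms" comment directly above is the natural place for one extra line stating that the @openssh.com name is kept for peers running OpenSSH 9.8 or older, as the commit message explains, so that a later cleanup does not drop it as a duplicate. The subject calls the added entry an alias, while it is the only name those older peers know; saying so in the comment would make the intent clear to whoever edits this list next.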
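
Review bot: in the config/ssh/sshd_config hunk, the KexAlgorithms line only parses if the installed sshd recognises every name on it, because sshd rejects a configuration that lists a key exchange name it does not know. This file controls remote SSH access to the system, so the list should ship only together with an OpenSSH build that knows the unsuffixed sntrup761x25519-sha512 and mlkem768x25519-sha256 names. The update step should also run sshd -t before restarting the daemon, so that a parse failure leaves the running sshd in place instead of cutting off remote administration.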