Web lists-archives.com

Re: [Debian] Re: [Debian] Re: Undesired ssh login attempts




On Mon, 2018-06-11 at 14:51 +0300, Reco wrote:
> 	Hi.
> 
> On Mon, Jun 11, 2018 at 07:12:32AM -0400, Jim Popovitch wrote:
> > On Sun, 2018-06-10 at 14:27 +0300, Reco wrote:
> > > 
> > > Ciphers chacha20-poly1305@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx
> > 
> > What's your thoughts on extending that a bit by adding aes256-ctr
> > to
> > that list?
> 
> Don't use it, unless compatibility with certain Windows SSH clients
> is
> required. [1] is a good read on this Cipher.
> What I can consider is ADEAD variety of AES, but - I'm uncertain
> whenever it made its way to OpenSSH at all. It's not in Stretch's
> version of openssh, that's for sure.
> 

Hmmm.  I was reading [1] earlier and felt that "Don't use it" applied
to CBC but not CTR.  I use ConnectBot (Android SSH client app) and it
has a limited set of ciphers.

Thanks,

-Jim P.

Attachment: signature.asc
Description: This is a digitally signed message part