Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
T
tails
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 944
    • Issues 944
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 13
    • Merge Requests 13
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • tails
  • tails
  • Issues
  • #7315

Closed
Open
Opened May 27, 2014 by sajolida@sajolidaMaintainer1 of 1 task completed1/1 task

Remove custom SSH ciphers, MACs and HostKeyAlgorithms settings

Originally created by @sajolida on #7315 (Redmine)

Tails cannot connect with SSH to recent OpenBSD systems because the restricted set of MACs that is set in Tails doesn’t match any MAC accepted in OpenBSD by default.

Tails sets:

hmac-sha1,hmac-md5,hmac-ripemd160

OpenBSD accepts by default:

umac-64-etmopenssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512@

See: http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config

I would find it very surprising if none of the MAC accepted by OpenBSD were good enough to our standards. So maybe our lists have to be review to the light of this finding.

Feature Branch: feature/7315-drop-custom-ssh-crypto-settings

Related issues

  • Related to sysadmin#8677 (closed)
  • Related to #8027 (closed)
  • Blocked by #6015 (closed)
Edited May 15, 2020 by sajolida
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
Tails_2.4
Milestone
Tails_2.4 (Past due)
Assign milestone
Time tracking
None
Due date
None
Reference: tails/tails#7315