Remove custom SSH ciphers, MACs and HostKeyAlgorithms settings
Originally created by @sajolida on #7315 (Redmine)
Tails cannot connect with SSH to recent OpenBSD systems because the restricted set of MACs that is set in Tails doesn’t match any MAC accepted in OpenBSD by default.
Tails sets:
hmac-sha1,hmac-md5,hmac-ripemd160
OpenBSD accepts by default:
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
See: http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config
I would find it very surprising if none of the MACs accepted by OpenBSD were good enough for our standards. So maybe our lists have to be reviewed in the light of this finding.
Feature Branch: feature/7315-drop-custom-ssh-crypto-settings
Related issues
- Related to sysadmin#8677 (closed)
- Related to #8027 (closed)
- Blocked by #6015 (closed)
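The mismatch reported in this issue can be reproduced offline with the MAC selection rule from RFC 4253 section 7.1 (the first name on the client's list that the server also lists). This is an added example, not code from Tails or OpenSSH; the ssh_config fragment is constructed from the two lists quoted above, and the function names are hypothetical.

```python
# Added example (not Tails or OpenSSH code): RFC 4253 section 7.1 MAC selection.
# The client fragment is constructed from the MAC list quoted in the issue.
CLIENT_SSH_CONFIG = """\
# constructed ssh_config fragment
Host *
    MACs hmac-sha1,hmac-md5,hmac-ripemd160
"""

# Server-side list as quoted in the issue for OpenBSD's default sshd.
SERVER_MACS = (
    "umac-64-etm@openssh.com,umac-128-etm@openssh.com,"
    "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,"
    "umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512"
).split(",")


def macs_from_config(text):
    """Return the first MACs name-list in an ssh_config text, or None if unset."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "macs":
            return [n.strip() for n in parts[1].split(",") if n.strip()]
    return None


def negotiate(client, server):
    """Pick the first name on the client's list that the server also offers."""
    offered = set(server)
    for name in client:
        if name in offered:
            return name
    return None  # no common MAC: negotiation fails and the connection is closed


def audit(config_text, server=SERVER_MACS):
    """Describe the negotiation outcome for a client config against a server."""
    client = macs_from_config(config_text)
    if client is None:
        return "no MACs override: client defaults apply"
    chosen = negotiate(client, server)
    return f"negotiated {chosen}" if chosen else "no matching MAC found"


if __name__ == "__main__":
    print(audit(CLIENT_SSH_CONFIG))
```

The same `audit` call can be pointed at any client config text to check whether a pinned MAC list still intersects a given server's list before shipping it.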