add openssh section for debian wheezy/openssh6.0
authorAaron Zauner <azet@azet.org>
Tue, 7 Jan 2014 20:18:37 +0000 (21:18 +0100)
committerAaron Zauner <azet@azet.org>
Tue, 7 Jan 2014 20:18:37 +0000 (21:18 +0100)
src/practical_settings/ssh.tex

index 57b462d..e3027c3 100644 (file)
@@ -1,6 +1,6 @@
 %%---------------------------------------------------------------------- 
 \subsection{OpenSSH}
-\subsubsection{Tested with Version} OpenSSH 6.4
+\subsubsection{Tested with Version} OpenSSH 6.4 (Debian jessie)
 \subsubsection{Settings}
 \paragraph*{sshd\_config}
 \begin{lstlisting}[breaklines]
        MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
        KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
 \end{lstlisting}
+\subsubsection{Tested with Version} OpenSSH 6.0p1 (Debian wheezy)
+\subsubsection{Settings}
+\paragraph*{sshd\_config}
+\begin{lstlisting}[breaklines]
+        # ...
+
+        Protocol 2
+        PermitEmptyPasswords no
+        PermitRootLogin no # or 'without-password' to allow SSH key based login
+        StrictModes yes
+        HostKey /etc/ssh/ssh_host_rsa_key
+       Ciphers aes256-ctr,aes128-ctr
+       MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
+       KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
+\end{lstlisting}
 
 \textbf{Note:} Older Linux systems won't support SHA2. PuTTY (Windows) does not support
 RIPE-MD160. Curve25519, AES-GCM and UMAC are only available upstream (OpenSSH
-6.1). DSA host keys have been removed on purpose, the DSS standard does not
+6.2). DSA host keys have been removed on purpose, the DSS standard does not
 support for DSA keys stronger than 1024bit
 \footnote{\url{https://bugzilla.mindrot.org/show_bug.cgi?id=1647}} which is far
 below current standards (see section \ref{section:keylengths}). Legacy systems
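Review bot: The added wheezy listing puts a trailing comment on the `PermitRootLogin no` line, but sshd_config only documents comments on lines that begin with `#`. As far as I know, OpenSSH releases of this age treat the extra tokens as garbage at the end of the line, so a reader who pastes the listing may end up with an sshd that refuses to start or reload. Put the remark on its own line, `# or 'without-password' to allow SSH key based login`, directly above `PermitRootLogin no`. The wheezy listing also sets `Ciphers aes256-ctr,aes128-ctr` while the jessie listing above it has no `Ciphers` line at all, which leaves the newer target on its default cipher list; add the line there or say why it is omitted. In the note, whose paragraph continues past the end of the hunk, the single version number "6.2" probably does not hold for Curve25519, which I believe arrived in a later release than AES-GCM and UMAC-128, so that is worth checking against the release notes.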