From 0145539b3cb6a72f62d39a6d401d409eb1de0474 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 1 Jun 2017 10:51:05 +0200 Subject: ssh: Doc for SSH application updated --- lib/ssh/doc/src/ssh_app.xml | 44 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 37 insertions(+), 7 deletions(-) (limited to 'lib/ssh/doc/src/ssh_app.xml') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 74c4111338..33ec7aaee0 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -161,6 +161,8 @@ ecdsa-sha2-nistp521 ssh-rsa ssh-dss + rsa-sha2-256 + rsa-sha2-512 @@ -176,21 +178,23 @@ Encryption algorithms (ciphers) - aes128-gcm@openssh.com (AEAD_AES_128_GCM) - aes256-gcm@openssh.com (AEAD_AES_256_GCM) + aes128-gcm@openssh.com + aes256-gcm@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-cbc 3des-cbc + (AEAD_AES_128_GCM, not enabled per default) + (AEAD_AES_256_GCM, not enabled per default) +

See the text at the description of the rfc 5647 further down + for more information regarding AEAD_AES_*_GCM. +

Following the internet de-facto standard, the cipher and mac algorithm AEAD_AES_128_GCM is selected when the cipher aes128-gcm@openssh.com is negotiated. The cipher and mac algorithm AEAD_AES_256_GCM is selected when the cipher aes256-gcm@openssh.com is negotiated.

-

See the text at the description of the rfc 5647 further down - for more information. -

Compression algorithms @@ -235,7 +239,11 @@ RFC 4253, The Secure Shell (SSH) Transport Layer Protocol. -

+

Except

+ + 8.1. diffie-hellman-group1-sha1. Disabled by default, can be enabled with the preferred_algorithms option. + +

RFC 4254, The Secure Shell (SSH) Connection Protocol. @@ -310,7 +318,29 @@

- Work in progress: https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-05, Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) + Draft-ietf-curdle-ssh-kex-sha2 (work in progress), Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH). +

Deviations:

+ + The diffie-hellman-group1-sha1 is not enabled by default, but is still supported and can be enabled + with the option preferred-algorithms + The questionable sha1-based algorithms diffie-hellman-group-exchange-sha1 and + diffie-hellman-group14-sha1 are still enabled by default for compatibility with ancient clients and servers. + They can be disabled with the option preferred-algorithms + +

+ + + Draft-ietf-curdle-rsa-sha2 (work in progress), Use of RSA Keys with SHA-2 256 and 512 in Secure Shell (SSH). + + + Draft-ietf-curdle-ssh-ext-info (work in progress), Extension Negotiation in Secure Shell (SSH). +

Implemented are:

+ + The Extension Negotiation Mechanism + The extension server-sig-algs + +

+ -- cgit v1.2.3