From 3dd45583508269dc0189277002e140dd0a1369ba Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 20 Nov 2015 21:03:37 +0100 Subject: ssh: documentation updates --- lib/ssh/doc/src/ssh_app.xml | 70 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 55 insertions(+), 15 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 29cbbd79a2..79dd1e210e 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -137,6 +137,19 @@

Supported algorithms are:

+ Key exchange algorithms + + + ecdh-sha2-nistp256 + ecdh-sha2-nistp384 + ecdh-sha2-nistp521 + diffie-hellman-group-exchange-sha1 + diffie-hellman-group-exchange-sha256 + diffie-hellman-group14-sha1 + diffie-hellman-group1-sha1 + + + Public key algorithms @@ -157,30 +170,26 @@ - Encryption algorithms + Encryption algorithms (ciphers) + aes128-gcm@openssh.com (AEAD_AES_128_GCM) + aes256-gcm@openssh.com (AEAD_AES_256_GCM) aes128-ctr aes192-ctr aes256-ctr aes128-cbc 3des-cbc +

Following the internet de-facto standard, the cipher and mac algorithm AEAD_AES_128_GCM is selected when the + cipher aes128-gcm@openssh.com is negotiated. The cipher and mac algorithm AEAD_AES_256_GCM is selected when the + cipher aes256-gcm@openssh.com is negotiated. +

+

See the text at the description of the rfc 5647 further down + for more information. +

- - Key exchange algorithms - - - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - diffie-hellman-group14-sha1 - diffie-hellman-group1-sha1 - - - + Compression algorithms @@ -255,6 +264,30 @@

+ RFC 5647, AES Galois Counter Mode for + the Secure Shell Transport Layer Protocol. +

There is an ambiguity in the synchronized selection of cipher and mac algorithm. + This is resolved by OpenSSH in the ciphers aes128-gcm@openssh.com and aes256-gcm@openssh.com which are implemented. + If the explicit ciphers and macs AEAD_AES_128_GCM or AEAD_AES_256_GCM are needed, + they could be enabled with the option preferred_algorithms. + + If the client or the server is not Erlang/OTP, it is the users responsibility to check that + other implementation has the same interpretation of AEAD_AES_*_GCM as the Erlang/OTP SSH before + enabling them. The aes*-gcm@openssh.com variants are always safe to use since they lack the + ambiguity. + +

+

The second paragraph in section 5.1 is resolved as: + + If the negotiated cipher is AEAD_AES_128_GCM, the mac algorithm is set to AEAD_AES_128_GCM. + If the negotiated cipher is AEAD_AES_256_GCM, the mac algorithm is set to AEAD_AES_256_GCM. + If the mac algorithm is AEAD_AES_128_GCM, the cipher is set to AEAD_AES_128_GCM. + If the mac algorithm is AEAD_AES_256_GCM, the cipher is set to AEAD_AES_256_GCM. + + The first rule that matches when read in order from the top is applied +

+
+ RFC 5656, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer.

Except @@ -266,6 +299,13 @@

+ + RFC 6668, SHA-2 Data Integrity Verification for + the Secure Shell (SSH) Transport Layer Protocol +

Comment: Defines hmac-sha2-256 and hmac-sha2-512 +

+
+ -- cgit v1.2.3
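Review bot: In the first hunk (-137,6 +137,19), the relocated "Key exchange algorithms" list does not say whether its order is the default negotiation preference. That matters to a reader because the list runs from the ecdh-sha2-nistp* entries down to diffie-hellman-group1-sha1, which uses a 1024-bit group with SHA-1. Suggest one sentence stating whether the order shown is the order offered by default, and pointing to preferred_algorithms for changing it.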
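Review bot: In the second hunk (-157,30 +170,26), the pointer added under the cipher list, "See the text at the description of the rfc 5647 further down", is a loose prose reference: "rfc" is lowercase where the rest of the file writes "RFC", and there is no link target, so it will go stale if the section moves. Suggest a proper cross-reference to the RFC 5647 entry. The phrase "Following the internet de-facto standard" in the same hunk also leaves the source unnamed; the later hunk attributes the resolution to OpenSSH, so naming OpenSSH here would keep the two passages consistent.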
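Review bot: In the third hunk (-255,6 +264,30), the RFC 5647 text says the AEAD_AES_*_GCM names "could be enabled with the option preferred_algorithms" without stating outright that they are off by default, and it tells the user to check the peer's interpretation without saying what to compare against. Suggest stating the default explicitly and pointing the interoperability sentence at the four-rule list that follows, since that list is the interpretation to compare. The list itself could say in words that the cipher decides when cipher and mac disagree, which is what the first-match ordering implies. Wording fixes in the same hunk: "the users responsibility" should be "the user's responsibility", "that other implementation" should be "that the other implementation", and "The first rule that matches when read in order from the top is applied" is missing its final period.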
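Review bot: In the last hunk (-266,6 +299,13), the RFC 6668 title line ends without a period, while the RFC 5647 entry added earlier in this patch ends with one; suggest matching them. The "Comment:" prefix on "Defines hmac-sha2-256 and hmac-sha2-512" also differs from the neighbouring RFC 5656 entry, which introduces its note with "Except", so a single convention for per-RFC remarks would read more cleanly.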