Remove custom SSH ciphers, MACs and HostKeyAlgorithms settings
Tails cannot connect with SSH to recent OpenBSD systems because the restricted set of MACs that is set in Tails doesn’t match any MAC accepted in OpenBSD by default.
Tails sets:
hmac-sha1,hmac-md5,hmac-ripemd160
OpenBSD accepts by default:
umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
See: http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config
I would find it very surprising if none of the MACs accepted by OpenBSD were good enough for our standards. So maybe our lists have to be reviewed in the light of this finding.
Feature Branch: feature/7315-drop-custom-ssh-crypto-settings
Related issues
- Related to #8677 (closed)
- Related to #8027 (closed)
- Blocked by #6015 (closed)
Original created by @sajolida on 7315 (Redmine)
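The mismatch reported above, reproduced offline as an added example (not part of the original report and not Tails code). It applies the RFC 4253 rule that the negotiated MAC is the first name on the client's list that the server also lists. The `ssh_config` snippet is constructed, and the function names `client_macs` and `negotiate_mac` are hypothetical.

```shell
#!/bin/sh
# Added example. The two MAC lists are the ones quoted in the report.
OPENBSD_MACS='umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512'

# Constructed ssh_config snippet carrying the MAC list the report attributes to Tails.
SAMPLE_CONFIG='Host *
    MACs hmac-sha1,hmac-md5,hmac-ripemd160'

# client_macs CONFIG_TEXT
# Prints the value of the first "MACs" keyword. Keywords are case-insensitive and
# ssh keeps the first value it obtains. Assumes the "MACs <list>" form.
client_macs() {
    printf '%s\n' "$1" | awk 'tolower($1) == "macs" { print $2; exit }'
}

# negotiate_mac CLIENT_LIST SERVER_LIST
# Prints the first client MAC that the server also lists and returns 0.
# Returns 1 with no output when the lists share nothing, which is the case
# where the connection attempt fails during key exchange.
negotiate_mac() {
    old_ifs=$IFS
    IFS=,
    set -f
    for mac in $1; do
        case ",$2," in
            *",$mac,"*)
                IFS=$old_ifs; set +f
                printf '%s\n' "$mac"
                return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

macs=$(client_macs "$SAMPLE_CONFIG")
if chosen=$(negotiate_mac "$macs" "$OPENBSD_MACS"); then
    echo "negotiated MAC: $chosen"
else
    echo "no common MAC: client offers [$macs]"
fi
```

On a live system the client side of the comparison can be read with `ssh -G <host>` and the algorithms the local build supports with `ssh -Q mac`.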