[Bug 2089] filter out bad host key algorithms

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Apr 19 11:09:10 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2089

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED
             Blocks|                            |2076

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
I implemented a query facility in ssh to allow users or scripts to
check which protocol features are available:

  -Q protocol_feature
          Queries ssh for the algorithms supported for the specified
          version 2 protocol_feature.  The queriable features are:
          ``cipher'' (supported symmetric ciphers), ``MAC'' (supported
          message integrity codes), ``KEX'' (key exchange algorithms),
          ``key'' (key types).  Protocol features are treated
          case-insensitively.

or, as an example:

$ ssh -Q cipher  
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
$ ssh -Q mac    
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
$ ssh -Q kex 
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
$ ssh -Q key 
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
ssh-rsa-cert-v00@openssh.com
ssh-dss-cert-v00@openssh.com

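An added example, not part of the bug comment or of OpenSSH: one way a script can use the `-Q` output described above to drop algorithm names the local client does not support before passing a preference list to `ssh`. The function names `filter_algs` and `usable_algs` and the sample list are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration (hypothetical helper names, not OpenSSH code).

# filter_algs WANTED_CSV
#   stdin : supported names, one per line (the format `ssh -Q` prints)
#   stdout: the supported subset of WANTED_CSV, comma-separated, in the
#           caller's preference order
#   status: 1 if no requested algorithm is supported
filter_algs() {
    wanted=$1
    supported=$(cat)          # a name listed twice is harmless here
    out=
    old_ifs=$IFS
    IFS=,
    set -f                    # no globbing while splitting the list
    for alg in $wanted; do
        [ -n "$alg" ] || continue
        # -x whole line, -F fixed string: "rsa" must not match "ssh-rsa"
        if printf '%s\n' "$supported" | grep -qxF -- "$alg"; then
            out=${out:+$out,}$alg
        fi
    done
    set +f
    IFS=$old_ifs
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# usable_algs FEATURE WANTED_CSV
#   FEATURE is one of the -Q features from the comment: cipher, mac, kex, key.
#   A client without -Q prints nothing on stdout, so the result is status 1.
usable_algs() {
    ssh -Q "$1" 2>/dev/null | filter_algs "$2"
}

# Constructed sample: a few lines of `ssh -Q key` output like that shown above.
SAMPLE_KEYS='ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ssh-rsa-cert-v01@openssh.com'

# Typical use (example.org is a placeholder host):
#   algs=$(usable_algs key 'ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa') &&
#       ssh -o HostKeyAlgorithms="$algs" example.org
```

Checking the exit status before calling `ssh` matters: an empty `HostKeyAlgorithms` value is a configuration error, not a fallback to defaults.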