Patch: Ciphers, MACs and KexAlgorithms on Match
Damien Miller
djm at mindrot.org
Sun Jun 8 09:23:38 EST 2014
On Fri, 6 Jun 2014, Armin Wolfermann wrote:
> Hi all,
>
> this is a patch to make Ciphers, MACs and KexAlgorithms available in
> Match blocks. Now I can reach a -current machine with some Android
> terminal app without changing the default ciphers for all clients:
>
>     Match Address 192.168.1.2
>         Ciphers aes128-cbc
>         MACs hmac-sha1
>         KexAlgorithms diffie-hellman-group-exchange-sha1

Unfortunately, this is a bit confusing - some Match criteria only work
after key exchange has completed. If users try something like

    Match user djm
        Ciphers aes128-cbc

then it will never work. For this reason, we've made any any sshd_config
directives that must be applied before key exchange available by Match.
-d
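
The conflict described in the reply above can be checked mechanically. The following is an added example, not code from the thread or from OpenSSH: a small linter that assumes the proposed patch's semantics (Ciphers, MACs and KexAlgorithms accepted inside Match) and flags blocks that could never take effect. The `lint` function, the `SAMPLE` config and the treatment of Group as a post-key-exchange criterion alongside User are assumptions of this example.

```python
# Added illustration; models the proposed patch's semantics, not OpenSSH code.
PRE_KEX = {"ciphers", "macs", "kexalgorithms"}  # negotiated during key exchange
# Criteria sshd learns only after key exchange. The message names User;
# treating Group the same way is this example's assumption.
POST_KEX_CRITERIA = {"user", "group"}

def lint(config_text):
    """Return (line_no, directive, criterion) for every key-exchange
    directive inside a Match block that depends on a post-kex criterion."""
    findings, late = [], []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        keyword = tokens[0].lower()
        if keyword == "match":
            # A Match line holds "criterion pattern" pairs; "All" stands alone.
            late, i = [], 1
            while i < len(tokens):
                if tokens[i].lower() == "all":
                    i += 1
                    continue
                if tokens[i].lower() in POST_KEX_CRITERIA:
                    late.append(tokens[i])
                i += 2
        elif keyword in PRE_KEX and late:
            findings.append((line_no, tokens[0], late[0]))
    return findings

# Constructed sample config, not taken from the thread.
SAMPLE = """\
# constructed sample
Ciphers aes128-ctr
Match Address 192.168.1.2
    Ciphers aes128-cbc
    MACs hmac-sha1
Match User djm
    Ciphers aes128-cbc
Match Group legacy Address 10.0.0.0/8
    KexAlgorithms diffie-hellman-group-exchange-sha1
    X11Forwarding no
"""

if __name__ == "__main__":
    for line_no, directive, criterion in lint(SAMPLE):
        print(f"line {line_no}: {directive} cannot apply, "
              f"Match {criterion} is evaluated after key exchange")
```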