playing around with removing algos
Cristian Ionescu-Idbohrn
cristian.ionescu-idbohrn at axis.com
Mon May 8 22:16:55 AEST 2017
On Tue, 2 May 2017, Jakub Jelen wrote:
> On 05/01/2017 04:48 PM, Cristian Ionescu-Idbohrn wrote:
> > On Mon, 1 May 2017, Cristian Ionescu-Idbohrn wrote:
> > >
> > > Example, 'Macs'.
> > >
> > > On the man page I read:
> > >
> > > "Multiple algorithms must be comma-separated.
> > > ...
> > > If the specified value begins with a '-' character, then the
> > > specified algorithms (including wildcards) will be removed"
> > >
> > > It seems that just one algo name is supported on such a line, example:
> > >
> > > Macs -umac-64*
> > >
> > > But this form is not supported:
> > >
> > > Macs -umac-64*,-hmac-sha1*
> > >
> > > nor is this:
> > >
> > > Macs -umac-64*
> > > Macs -hmac-sha1*
> > >
> > > And I have difficulties in finding _one_ pattern that matches _only_
> > > the above algo families, but nothing else.
> > >
> > > Can you confirm this behaviour? Can it be improved?

Back here, then...

> I believe this is expected behavior and limitation of the current
> behavior. The manual page also says

Couldn't find this part:

> > For each parameter, the first obtained value will be used. [...]

Which manual page was that on?

But I found this:

> > [...] will be removed *from the default set instead of replacing them*.
>
> Therefore:
> * Only the default set is affected
> * The second Macs option is ignored (because Macs are already set)
>
> This might be confusing especially when specifying multiple values
> and improving that would be very nice.

Created bz#2715 with:

By accident, I just discovered a list of this form:

Macs=-umac-64*,hmac-sha1*

is supported (the '-' operates on the whole list).

This form:

Macs=-umac-64*,-hmac-sha1*

('-' in front of each pattern) is not supported.

Ideally, a mix like this:

Macs=-umac-64*,+foo*,-hmac-sha1*

offers the best flexibility, IMO.

Cheers,
--
Cristian
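
The semantics described in this thread, modelled in Python as an added example (not part of the original message and not OpenSSH code): one leading '-' applies to the whole comma-separated list and removes matches from the default set, and only the first Macs line takes effect. DEFAULT_MACS is a constructed sample list, and the function names are hypothetical.

```python
import re

# Constructed sample standing in for the "default set"; list the MACs your
# own build supports with `ssh -Q mac`.
DEFAULT_MACS = [
    "umac-64-etm@openssh.com", "umac-128-etm@openssh.com",
    "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
    "hmac-sha1-etm@openssh.com", "umac-64@openssh.com",
    "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1",
]


def _glob(pattern):
    """Compile a name pattern in which '*' and '?' are the only wildcards."""
    body = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.compile(body + r"\Z")


def apply_macs_value(value, defaults=DEFAULT_MACS):
    """Resolve a single Macs value as the thread describes it."""
    if value.startswith("+"):
        raise ValueError("'+' (append) lists are outside this model")
    if not value.startswith("-"):
        # No leading '-': the listed names replace the default set.
        return [name for name in value.split(",") if name]
    # One leading '-' covers the whole comma-separated list.
    patterns = [p for p in value[1:].split(",") if p]
    if any(p[0] in "+-" for p in patterns):
        # Per-pattern '-' or '+' is the form reported as not supported;
        # this model rejects it instead of guessing what ssh does with it.
        raise ValueError("per-pattern '+'/'-' not supported: " + value)
    globs = [_glob(p) for p in patterns]
    return [m for m in defaults if not any(g.match(m) for g in globs)]


def effective_macs(config_lines, defaults=DEFAULT_MACS):
    """Return the MAC list in effect: the first Macs line wins."""
    for line in config_lines:
        parts = re.split(r"[ \t=]+", line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "macs":
            return apply_macs_value(parts[1].strip(), defaults)
    return list(defaults)


if __name__ == "__main__":
    print(effective_macs(["Macs=-umac-64*,hmac-sha1*"]))
    print(effective_macs(["Macs -umac-64*", "Macs -hmac-sha1*"]))
```

To compare against a real client, `ssh -G <host>` prints the effective configuration, including the `macs` line.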