Re: [pgadmin-support] SSH tunnel key exchange methods
| От | svoop_6cedifwf9e@delirium.ch |
|---|---|
| Тема | Re: [pgadmin-support] SSH tunnel key exchange methods |
| Дата | |
| Msg-id | CD40E294-0DB7-4380-BC6D-E5BCE8598FC8@delirium.ch обсуждение исходный текст |
| Ответ на | Re: [pgadmin-support] SSH tunnel key exchange methods (Akshay Joshi <akshay.joshi@enterprisedb.com>) |
| Список | pgadmin-hackers |
> Sven, how you have identified the key exchange algorithm used by libssh2, is there any way to identify using fingerprintor key?? I'm looking at what sshd logs on the server end. Or you start sshd with the "-d" argument which logs to stdout and preventssshd from being backgrounded. You could also harden sshd by adding the following to sshd_config (don't forget to restart the deamon afterwards): KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com Since SHA1 is not listed as KexAlgorithms, if the connection is still possible, the client must have used SHA256. Cheers, -sven
В списке pgadmin-hackers по дате отправления: