[Labs-l] sshd config: using newer ciphers and protocols
Maximilian Doerr
maximilian.doerr at gmail.com
Thu May 21 23:18:02 UTC 2015
I use SmartFTP because it gives me a beautiful GUI and a terminal simultaneously. The latest updates now make it impossible for me to log in.
Cyberpower678
English Wikipedia Account Creation Team
Mailing List Moderator
-----Original Message-----
From: labs-l-bounces at lists.wikimedia.org [mailto:labs-l-bounces at lists.wikimedia.org] On Behalf Of Platonides
Sent: Thursday, May 21, 2015 6:39 PM
To: Wikimedia Labs
Subject: Re: [Labs-l] sshd config: using newer ciphers and protocols
On 21/05/15 21:31, Daniel Zahn wrote:
> Finding the right balance between security and supporting older
> clients can sometimes be tough, so sorry for any possible inconvenience
> caused and let us know if any other issues that can't be solved by
> upgrading clients.
>
> Best regards,
>
> Daniel
Thanks for your work into safe ciphers, Daniel.
Is the list of compatible ssh clients after all such cipher stripping documented somewhere?
Also, I take the opportunity of warning everyone that there are
trojanized putty versions out there¹ that send out the user credentials
to the Bad Guys (not a risk for labs, but the same ssh client may be
used for other servers where passphrase authentication *is* enabled).
The official PuTTY web page is at
http://www.chiark.greenend.org.uk/~sgtatham/putty/ with putty.zip 0.64
sha256 being
ff7a0bde4008208a5e30097336c5a41a4ae99fb097839c01ca74cbff19cbe666
Needless to say, PuTTY users should be using the last version (0.64,
released 2015-02-28), there are several crashes prior to 0.63 and
although 0.64 does not really have big fixes (albeit the default of
allowing a SSH-1 downgrade is a bit scary), there's little reason for
not upgrading.
(I am assuming *nix users don't need to be reminded about using an
updated client… Mac OS users maybe?)
Have a safe ssh connection!
¹ http://blogs.cisco.com/security/trojanized-putty-software
http://www.symantec.com/connect/blogs/check-your-sources-trojanized-open-source-ssh-software-used-steal-information
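
The quoted message above gives a SHA-256 for putty.zip 0.64 as a defence against trojanized builds. The following is an added example, not part of the original message or of the PuTTY project, showing one way to check a downloaded file against that digest; the function names and the command-line usage are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import sys

# SHA-256 of putty.zip 0.64 exactly as quoted in the message above.
PUTTY_064_ZIP_SHA256 = "ff7a0bde4008208a5e30097336c5a41a4ae99fb097839c01ca74cbff19cbe666"

HEX64 = re.compile(r"[0-9a-f]{64}")


def normalize_digest(text):
    """Clean a digest pasted from mail or a web page (line wraps, upper case)."""
    cleaned = "".join(text.split()).lower()
    if not HEX64.fullmatch(cleaned):
        # A truncated or mistyped digest must never be silently accepted.
        raise ValueError("expected 64 hex characters for a SHA-256 digest")
    return cleaned


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large download is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected=PUTTY_064_ZIP_SHA256):
    """Return True only if the file's SHA-256 equals the published digest."""
    return hmac.compare_digest(sha256_file(path), normalize_digest(expected))


if __name__ == "__main__":
    # Hypothetical usage: python verify_download.py putty.zip [expected-sha256]
    if len(sys.argv) not in (2, 3):
        sys.exit("usage: verify_download.py FILE [SHA256]")
    expected = sys.argv[2] if len(sys.argv) == 3 else PUTTY_064_ZIP_SHA256
    ok = verify_download(sys.argv[1], expected)
    print("OK" if ok else "MISMATCH: do not run this file")
    sys.exit(0 if ok else 1)
```

A match shows only that the file is the one the digest was published for, so the digest should be obtained from a source other than the server that delivered the download.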