Bernd
Btw this also affects rhel crypto policy, if you use -gex14 it won’t remove it, only if you specify the full order of ciphers. That alone makes it a good...
I have an example of this with putty, find the output attached. NB: this putty has custom algorithm order. ```text # general (gen) client IP: ::1 (gen) banner: SSH-2.0-PuTTY_Release_0.79 (gen)...
You also might want to add the version info for curve448-sha512 (I assume it was introduced in openssh together with the curve25519-sha256 but not sure - how do you find...
Is that line discipline a module and can be blacklisted?
> Is that line discipline a module and can be blacklisted? Yes, you can `alias tty-ldisc-21 off` What I also found is that `sysctl dev.tty.ldisc_autoload=0` looks like a good general...
BTW we have major problems with any encodings containing $ as users routinely enter it unescaped on the command line
You can test yourself, with the alias https://neskaya.eckenfels.com apache will generate an warning, with https://eckenfels.com you will get a sucessful handshake. A sample trace is here http://bernd.eckenfels.net/view/alert.pcap . The alert...
Thanks for the patch and report. Maybe it’s too early for me, but why does the kernel deny the second host route? I also wonder why ip doesn’t set the...
I think the host flag was mostly related to routing protocols (announcements), so not setting it bydefaul but offering a -host switch might be an option, I am just not...
That look good, thanks!