Joe Testa
Joe Testa
@rein123: just thought I'd check again to see if perhaps an external instance is now available. Since the code looks right already, the only way to further debug this would...
@rein123 : Since some time has passed, I thought I'd check to see if any service is publicly available now that exhibits this behavior. Thanks!
Sure thing! And thanks for reporting it, regardless!
The patch was committed in https://github.com/openssh/openssh-portable/commit/97eb247f40167f44324e88a537d5b4fe771a63b2.
Completed in https://github.com/jtesta/ssh-audit/commit/aaa7d245657264492e3e3b483141b1e40408ec91.
You'd like to make it optional in which policy?
As far as I know, CTR mode doesn't have any problems. Sure, it doesn't include built-in integrity, but it would still work well as a fall-back. And 192-bit CTR is...
Thanks for contributing this guide! Could you please create a hardening guide in the wiki for this?: https://github.com/jtesta/ssh-audit/wiki/SSH-Hardening-Guides-Index Might you also have any metrics on how popular this platform is?
> I can draft one, but it should be taken with a grain of salt. I’m not deeply familiar with all the details of CoreOS. I found this "solution" mostly...
Thanks for the feedback! Next block of free time I get, I'll see what happens when the changes to sshd_config are removed. The reason they were included to begin with...