Welcome to Centmin Mod Community
Become a Member

Open ssh 7.0 is out

Discussion in 'CentOS, Redhat & Oracle Linux News' started by pamamolf, Aug 12, 2015.

  1. pamamolf

    pamamolf Well-Known Member

    2,818
    251
    83
    May 31, 2014
    Ratings:
    +445
    Local Time:
    12:28 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Hi
    Open ssh 7.0 is out:

    OpenSSH is a 100% complete SSH protocol 2.0 implementation and
    includes sftp client and server support. OpenSSH also includes
    transitional support for the legacy SSH 1.3 and 1.5 protocols
    that may be enabled at compile-time.

    Once again, we would like to thank the OpenSSH community for their
    continued support of the project, especially those who contributed
    code or patches, reported bugs, tested snapshots or donated to the
    project. More information on donations may be found at:
    Donations to OpenSSH

    Future deprecation notice
    =========================

    We plan on retiring more legacy cryptography in the next release
    including:

    * Refusing all RSA keys smaller than 1024 bits (the current minimum
    is 768 bits)

    * Several ciphers will be disabled by default: blowfish-cbc,
    cast128-cbc, all arcfour variants and the rijndael-cbc aliases
    for AES.

    * MD5-based HMAC algorithms will be disabled by default.

    This list reflects our current intentions, but please check the final
    release notes for OpenSSH 7.1 when it is released.

    Changes since OpenSSH 6.9
    =========================

    This focus of this release is primarily to deprecate weak, legacy
    and/or unsafe cryptography.

    Security
    --------

    * sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-
    writable. Local attackers may be able to write arbitrary messages
    to logged-in users, including terminal escape sequences.
    Reported by Nikolay Edigaryev.

    * sshd(8): Portable OpenSSH only: Fixed a privilege separation
    weakness related to PAM support. Attackers who could successfully
    compromise the pre-authentication process for remote code
    execution and who had valid credentials on the host could
    impersonate other users. Reported by Moritz Jodeit.

    * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug
    related to PAM support that was reachable by attackers who could
    compromise the pre-authentication process for remote code
    execution. Also reported by Moritz Jodeit.

    * sshd(8): fix circumvention of MaxAuthTries using keyboard-
    interactive authentication. By specifying a long, repeating
    keyboard-interactive "devices" string, an attacker could request
    the same authentication method be tried thousands of times in
    a single pass. The LoginGraceTime timeout in sshd(8) and any
    authentication failure delays implemented by the authentication
    mechanism itself were still applied. Found by Kingcope.

    Potentially-incompatible Changes
    --------------------------------

    * Support for the legacy SSH version 1 protocol is disabled by
    default at compile time.

    * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange
    is disabled by default at run-time. It may be re-enabled using
    the instructions at Using OpenSSH with legacy software

    * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled
    by default at run-time. These may be re-enabled using the
    instructions at Using OpenSSH with legacy software

    * Support for the legacy v00 cert format has been removed.

    * The default for the sshd_config(5) PermitRootLogin option has
    changed from "yes" to "prohibit-password".

    * PermitRootLogin=without-password/prohibit-password now bans all
    interactive authentication methods, allowing only public-key,
    hostbased and GSSAPI authentication (previously it permitted
    keyboard-interactive and password-less authentication if those
    were enabled).

    New Features
    ------------

    * ssh_config(5): add PubkeyAcceptedKeyTypes option to control which
    public key types are available for user authentication.

    * sshd_config(5): add HostKeyAlgorithms option to control which
    public key types are offered for host authentications.

    * ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms,
    HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes
    options to allow appending to the default set of algorithms
    instead of replacing it. Options may now be prefixed with a '+'
    to append to the default, e.g. "HostKeyAlgorithms=+ssh-dss".

    * sshd_config(5): PermitRootLogin now accepts an argument of
    'prohibit-password' as a less-ambiguous synonym of 'without-
    password'.

    Bugfixes
    --------

    * ssh(1), sshd(8): add compatability workarounds for Cisco and more
    PuTTY versions. bz#2424

    * Fix some omissions and errors in the PROTOCOL and PROTOCOL.mux
    documentation relating to Unix domain socket forwarding;
    bz#2421 bz#2422

    * ssh(1): Improve the ssh(1) manual page to include a better
    description of Unix domain socket forwarding; bz#2423

    * ssh(1), ssh-agent(1): skip uninitialised PKCS#11 slots, fixing
    failures to load keys when they are present. bz#2427

    * ssh(1), ssh-agent(1): do not ignore PKCS#11 hosted keys that wth
    empty CKA_ID; bz#2429

    * sshd(8): clarify documentation for UseDNS option; bz#2045
     
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    30,897
    6,907
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,402
    Local Time:
    8:28 PM
    Nginx 1.13.x
    MariaDB 5.5
    Unfortunately, for CentOS the best you can hope for is back ported patches heh
     
    • Informative Informative x 1
  3. eva2000

    eva2000 Administrator Staff Member

    30,897
    6,907
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,402
    Local Time:
    8:28 PM
    Nginx 1.13.x
    MariaDB 5.5
    CentOS 6.7 updated OpenSSH 5.3 to my own custom built OpenSSH 7.1p1 RPMs :D

    OpenSSH 7.1 notes http://www.openssh.com/txt/release-7.1

    Code:
    Future deprecation notice
    =========================
    
    We plan on retiring more legacy cryptography in the next release
    including:
    
    * Refusing all RSA keys smaller than 1024 bits (the current minimum
       is 768 bits)
    
    * Several ciphers will be disabled by default: blowfish-cbc,
       cast128-cbc, all arcfour variants and the rijndael-cbc aliases
       for AES.
    
    * MD5-based HMAC algorithms will be disabled by default.
    
    This list reflects our current intentions, but please check the final
    release notes for OpenSSH 7.2 when it is released.
    
    Changes since OpenSSH 7.0
    =========================
    
    This is a bugfix release.
    
    Security
    --------
    
    * sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin=
       prohibit-password/without-password that could, depending on
       compile-time configuration, permit password authentication to
       root while preventing other forms of authentication. This problem
       was reported by Mantas Mikulenas.
    
    Bugfixes
    --------
    
    * ssh(1), sshd(8): add compatibility workarounds for FuTTY
    
    * ssh(1), sshd(8): refine compatibility workarounds for WinSCP
    
    * Fix a number of memory faults (double-free, free of uninitialised
       memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz
       Kocielski.
    
    Checksums:
    ==========
    
    - SHA1 (openssh-7.1.tar.gz) = 06c1db39f33831fe004726e013b2cf84f1889042
    - SHA256 (openssh-7.1.tar.gz) = H7U1se9EoBmhkKi2i7lqpMX9QHdDTsgpu7kd5VZUGSY=
    
    - SHA1 (openssh-7.1p1.tar.gz) = ed22af19f962262c493fcc6ed8c8826b2761d9b6
    - SHA256 (openssh-7.1p1.tar.gz) = /AptLR0GPVxm3/2VJJPQzaJWytIE9oHeD4TvhbKthCg=
    
    Please note that the SHA256 signatures are base64 encoded and not
    hexadecimal (which is the default for most checksum tools). The PGP
    key used to sign the releases is available as RELEASE_KEY.asc from
    the mirror sites.
    
    Reporting Bugs:
    ===============
    
    - Please read http://www.openssh.com/report.html
      Security bugs should be reported directly to openssh@openssh.com
    Code:
    yum -q list openssh openssh-server openssh-clients
    
    Installed Packages
    openssh.x86_64                     7.1p1-1   installed
    openssh-clients.x86_64             7.1p1-1   installed
    openssh-server.x86_64              7.1p1-1   installed
    
    Code:
    service sshd restart
    
    Stopping sshd:                                             [  OK  ]
    ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
    Starting sshd:                                             [  OK  ]
    
    new ED25519 support
    Code:
    [LOCAL] : Available Remote Kex Methods = curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
    [LOCAL] : Selected Kex Method = ecdh-sha2-nistp256
    
    [LOCAL] : Available Remote Host Key Algos = ssh-ed25519,ssh-rsa
    [LOCAL] : Selected Host Key Algo = ssh-rsa
    
    [LOCAL] : Available Remote Send Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    [LOCAL] : Selected Send Cipher = aes128-ctr
    
    [LOCAL] : Available Remote Recv Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    [LOCAL] : Selected Recv Cipher = aes128-ctr
    Code:
    [LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
    [LOCAL] : Using protocol SSH2
    [LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_7.1'
    [LOCAL] : CAP  : Remote can re-key
    [LOCAL] : CAP  : Remote sends language in password change requests
    [LOCAL] : CAP  : Remote sends algorithm name in PK_OK packets
    [LOCAL] : CAP  : Remote sends algorithm name in public key packets
    [LOCAL] : CAP  : Remote sends algorithm name in signatures
    [LOCAL] : CAP  : Remote sends error text in open failure packets
    [LOCAL] : CAP  : Remote sends name in service accept packets
    [LOCAL] : CAP  : Remote includes port number in x11 open packets
    [LOCAL] : CAP  : Remote uses 160 bit keys for SHA1 MAC
    [LOCAL] : CAP  : Remote supports new diffie-hellman group exchange messages
    [LOCAL] : CAP  : Remote correctly handles unknown SFTP extensions
    [LOCAL] : CAP  : Remote correctly encodes OID for gssapi
    [LOCAL] : CAP  : Remote correctly uses connected addresses in forwarded-tcpip requests
    [LOCAL] : CAP  : Remote can do SFTP version 4
    [LOCAL] : CAP  : Remote x.509v3 uses ASN.1 encoding for DSA signatures
    [LOCAL] : CAP  : Remote correctly handles zlib@openssh.com
    [LOCAL] : SEND : KEXINIT
    [LOCAL] : RECV : Read kexinit
    [LOCAL] : Available Remote Kex Methods = curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
    [LOCAL] : Selected Kex Method = ecdh-sha2-nistp256
    [LOCAL] : Available Remote Host Key Algos = ssh-ed25519,ssh-rsa
    [LOCAL] : Selected Host Key Algo = ssh-rsa
    [LOCAL] : Available Remote Send Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    [LOCAL] : Selected Send Cipher = aes128-ctr
    [LOCAL] : Available Remote Recv Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    [LOCAL] : Selected Recv Cipher = aes128-ctr
    [LOCAL] : Available Remote Send Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    [LOCAL] : Selected Send Mac = hmac-sha1
    [LOCAL] : Available Remote Recv Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    [LOCAL] : Selected Recv Mac = hmac-sha1
    [LOCAL] : Available Remote Compressors = none,zlib@openssh.com
    [LOCAL] : Selected Compressor = zlib@openssh.com
    [LOCAL] : Available Remote Decompressors = none,zlib@openssh.com
    [LOCAL] : Selected Decompressor = zlib@openssh.com 
    so I can generated ssh key pairs using ed25519 ciphers instead of rsa
    Code:
    ssh-keygen help 
    Too many arguments.
    usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
                      [-N new_passphrase] [-C comment] [-f output_keyfile]
           ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
           ssh-keygen -i [-m key_format] [-f input_keyfile]
           ssh-keygen -e [-m key_format] [-f input_keyfile]
           ssh-keygen -y [-f input_keyfile]
           ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
           ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
           ssh-keygen -B [-f input_keyfile]
           ssh-keygen -D pkcs11
           ssh-keygen -F hostname [-f known_hosts_file] [-l]
           ssh-keygen -H [-f known_hosts_file]
           ssh-keygen -R hostname [-f known_hosts_file]
           ssh-keygen -r hostname [-f input_keyfile] [-g]
           ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
           ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
                      [-j start_line] [-K checkpt] [-W generator]
           ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
                      [-O option] [-V validity_interval] [-z serial_number] file ...
           ssh-keygen -L [-f input_keyfile]
           ssh-keygen -A
           ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
                      file ...
           ssh-keygen -Q -f krl_file file ...
    Code:
        Generating public/private ed25519 key pair.
        Created directory '/root/.ssh'.
        Your identification has been saved in /root/.ssh/my1.key.
        Your public key has been saved in /root/.ssh/my1.key.pub.
        The key fingerprint is:
        SHA256:6ZpM8wtpqGtOMMZgYyEuLNHCQKTY/eMynLAyRqj9/cY root@hostname
        The key's randomart image is:
        +--[ED25519 256]--+
        |O=               |
        |B+o.             |
        |*B. .            |
        |O .  .   .       |
        |++.   o S        |
        |++ + + +         |
        |+.+ * B..        |
        |.+.o B *E        |
        | o+.. =o+.       |
        +----[SHA256]-----+
    Code:
    rpm -ql openssh-server
    /etc/pam.d/sshd
    /etc/rc.d/init.d/sshd
    /etc/ssh
    /etc/ssh/sshd_config
    /usr/libexec/openssh/sftp-server
    /usr/sbin/sshd
    /usr/share/man/man5/moduli.5.gz
    /usr/share/man/man5/sshd_config.5.gz
    /usr/share/man/man8/sftp-server.8.gz
    /usr/share/man/man8/sshd.8.gz
    /var/empty/sshd
    
    rpm -ql openssh-clients
    /etc/ssh/ssh_config
    /usr/bin/sftp
    /usr/bin/slogin
    /usr/bin/ssh
    /usr/bin/ssh-add
    /usr/bin/ssh-agent
    /usr/bin/ssh-keyscan
    /usr/share/man/man1/sftp.1.gz
    /usr/share/man/man1/slogin.1.gz
    /usr/share/man/man1/ssh-add.1.gz
    /usr/share/man/man1/ssh-agent.1.gz
    /usr/share/man/man1/ssh-keyscan.1.gz
    /usr/share/man/man1/ssh.1.gz
    /usr/share/man/man5/ssh_config.5.gz
    
    rpm -ql openssh
    /etc/ssh
    /etc/ssh/moduli
    /usr/bin/scp
    /usr/bin/ssh-keygen
    /usr/libexec/openssh
    /usr/libexec/openssh/ssh-keysign
    /usr/libexec/openssh/ssh-pkcs11-helper
    /usr/share/doc/openssh-7.1p1
    /usr/share/doc/openssh-7.1p1/CREDITS
    /usr/share/doc/openssh-7.1p1/ChangeLog
    /usr/share/doc/openssh-7.1p1/INSTALL
    /usr/share/doc/openssh-7.1p1/LICENCE
    /usr/share/doc/openssh-7.1p1/OVERVIEW
    /usr/share/doc/openssh-7.1p1/PROTOCOL
    /usr/share/doc/openssh-7.1p1/PROTOCOL.agent
    /usr/share/doc/openssh-7.1p1/PROTOCOL.certkeys
    /usr/share/doc/openssh-7.1p1/PROTOCOL.chacha20poly1305
    /usr/share/doc/openssh-7.1p1/PROTOCOL.key
    /usr/share/doc/openssh-7.1p1/PROTOCOL.krl
    /usr/share/doc/openssh-7.1p1/PROTOCOL.mux
    /usr/share/doc/openssh-7.1p1/README
    /usr/share/doc/openssh-7.1p1/README.dns
    /usr/share/doc/openssh-7.1p1/README.platform
    /usr/share/doc/openssh-7.1p1/README.privsep
    /usr/share/doc/openssh-7.1p1/README.tun
    /usr/share/doc/openssh-7.1p1/TODO
    /usr/share/man/man1/scp.1.gz
    /usr/share/man/man1/ssh-keygen.1.gz
    /usr/share/man/man8/ssh-keysign.8.gz
    /usr/share/man/man8/ssh-pkcs11-helper.8.gz
     
    Last edited: Oct 18, 2015
    • Like Like x 1
  4. eva2000

    eva2000 Administrator Staff Member

    30,897
    6,907
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,402
    Local Time:
    8:28 PM
    Nginx 1.13.x
    MariaDB 5.5
    Looks like ecdsa ssh keys are already supported in OpenSSH 5.3p1 as CentOS/Redhat back ported support for them just they're not setup and configured out of the box.

    This is ecdsa ssh-keygen connection to CentOS 6.7 with updated OpenSSH 7.1p1 out of box default connection trace
    Code:
    [LOCAL] : Using protocol SSH2
    [LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_7.1'
    [LOCAL] : CAP  : Remote can re-key
    [LOCAL] : CAP  : Remote sends language in password change requests
    [LOCAL] : CAP  : Remote sends algorithm name in PK_OK packets
    [LOCAL] : CAP  : Remote sends algorithm name in public key packets
    [LOCAL] : CAP  : Remote sends algorithm name in signatures
    [LOCAL] : CAP  : Remote sends error text in open failure packets
    [LOCAL] : CAP  : Remote sends name in service accept packets
    [LOCAL] : CAP  : Remote includes port number in x11 open packets
    [LOCAL] : CAP  : Remote uses 160 bit keys for SHA1 MAC
    [LOCAL] : CAP  : Remote supports new diffie-hellman group exchange messages
    [LOCAL] : CAP  : Remote correctly handles unknown SFTP extensions
    [LOCAL] : CAP  : Remote correctly encodes OID for gssapi
    [LOCAL] : CAP  : Remote correctly uses connected addresses in forwarded-tcpip requests
    [LOCAL] : CAP  : Remote can do SFTP version 4
    [LOCAL] : CAP  : Remote x.509v3 uses ASN.1 encoding for DSA signatures
    [LOCAL] : CAP  : Remote correctly handles zlib@openssh.com
    [LOCAL] : SEND : KEXINIT
    [LOCAL] : RECV : Read kexinit
    [LOCAL] : Available Remote Kex Methods = curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
    [LOCAL] : Selected Kex Method = ecdh-sha2-nistp256
    [LOCAL] : Available Remote Host Key Algos = ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa
    [LOCAL] : Selected Host Key Algo = ssh-rsa
    [LOCAL] : Available Remote Send Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    [LOCAL] : Selected Send Cipher = aes128-ctr
    [LOCAL] : Available Remote Recv Ciphers = chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    [LOCAL] : Selected Recv Cipher = aes128-ctr
    [LOCAL] : Available Remote Send Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    [LOCAL] : Selected Send Mac = hmac-sha2-256
    [LOCAL] : Available Remote Recv Macs = umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    [LOCAL] : Selected Recv Mac = hmac-sha2-256
    [LOCAL] : Available Remote Compressors = none,zlib@openssh.com
    [LOCAL] : Selected Compressor = zlib@openssh.com
    [LOCAL] : Available Remote Decompressors = none,zlib@openssh.com
    [LOCAL] : Selected Decompressor = zlib@openssh.com 
    now if you properly configure CentOS 6.7 OpenSSH 5.3p1 for ecdsa keys support, you can connect via ecdsa keys instead of rsa keys
    Code:
    [LOCAL] : Using protocol SSH2
    [LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_5.3'
    [LOCAL] : CAP  : Remote can re-key
    [LOCAL] : CAP  : Remote sends language in password change requests
    [LOCAL] : CAP  : Remote sends algorithm name in PK_OK packets
    [LOCAL] : CAP  : Remote sends algorithm name in public key packets
    [LOCAL] : CAP  : Remote sends algorithm name in signatures
    [LOCAL] : CAP  : Remote sends error text in open failure packets
    [LOCAL] : CAP  : Remote sends name in service accept packets
    [LOCAL] : CAP  : Remote includes port number in x11 open packets
    [LOCAL] : CAP  : Remote uses 160 bit keys for SHA1 MAC
    [LOCAL] : CAP  : Remote supports new diffie-hellman group exchange messages
    [LOCAL] : CAP  : Remote correctly handles unknown SFTP extensions
    [LOCAL] : CAP  : Remote correctly encodes OID for gssapi
    [LOCAL] : CAP  : Remote correctly uses connected addresses in forwarded-tcpip requests
    [LOCAL] : CAP  : Remote can do SFTP version 4
    [LOCAL] : CAP  : Remote x.509v3 uses ASN.1 encoding for DSA signatures
    [LOCAL] : CAP  : Remote correctly handles zlib@openssh.com
    [LOCAL] : SEND : KEXINIT
    [LOCAL] : RECV : Read kexinit
    [LOCAL] : Available Remote Kex Methods = ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    [LOCAL] : Selected Kex Method = ecdh-sha2-nistp256
    [LOCAL] : Available Remote Host Key Algos = ecdsa-sha2-nistp256,ssh-rsa,ssh-dss
    [LOCAL] : Selected Host Key Algo = ssh-dss
    [LOCAL] : Available Remote Send Ciphers = aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    [LOCAL] : Selected Send Cipher = aes128-cbc
    [LOCAL] : Available Remote Recv Ciphers = aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    [LOCAL] : Selected Recv Cipher = aes128-cbc
    [LOCAL] : Available Remote Send Macs = hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    [LOCAL] : Selected Send Mac = hmac-sha2-256
    [LOCAL] : Available Remote Recv Macs = hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    [LOCAL] : Selected Recv Mac = hmac-sha2-256
    [LOCAL] : Available Remote Compressors = none,zlib@openssh.com
    [LOCAL] : Selected Compressor = zlib@openssh.com
    [LOCAL] : Available Remote Decompressors = none,zlib@openssh.com
    [LOCAL] : Selected Decompressor = zlib@openssh.com 
    generating RSA and ECDSA ssh keys very easy on SecureCRT SSH client I use :D

    securecrt-ssh-keygen-wizard-00.png

    securecrt-ssh-keygen-wizard-01.png

    securecrt-ssh-keygen-wizard-02.png

    securecrt-ssh-keygen-wizard-03.png

    securecrt-ssh-keygen-wizard-04.png
     
    Last edited: Oct 18, 2015
    • Like Like x 1