Re: [pgadmin-support] SSH tunnel key exchange methods - Mailing list pgadmin-hackers

From svoop_6cedifwf9e@delirium.ch
Subject Re: [pgadmin-support] SSH tunnel key exchange methods
Date
Msg-id CD40E294-0DB7-4380-BC6D-E5BCE8598FC8@delirium.ch
In response to Re: [pgadmin-support] SSH tunnel key exchange methods  (Akshay Joshi <akshay.joshi@enterprisedb.com>)
List pgadmin-hackers
> Sven, how you have identified the key exchange algorithm used by libssh2, is there any way to identify using fingerprint or key??

I'm looking at what sshd logs on the server end. Or you start sshd with the "-d" argument which logs to stdout and prevents sshd from being backgrounded.

You could also harden sshd by adding the following to sshd_config (don't forget to restart the daemon afterwards):

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com

Since SHA1 is not listed as KexAlgorithms, if the connection is still possible, the client must have used SHA256.

Cheers, -sven
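
The reasoning in the message above depends on no SHA-1 method appearing in KexAlgorithms. As an added example (not part of the original message), this shell function reads sshd_config text or `sshd -T` output on stdin and prints every listed key exchange method whose name contains sha1. The function name `check_kex`, its exit codes and the sample lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# check_kex (hypothetical name) reads sshd_config syntax or `sshd -T` output on stdin.
# Assumes the "Keyword value" form separated by whitespace.
# Exit status: 0 = explicit list with no SHA-1 method
#              1 = SHA-1 method(s) listed (each printed on its own line)
#              2 = no explicit list (keyword unset, or a +/-/^ modifier),
#                  so the compiled-in defaults decide and the text alone cannot tell
check_kex() {
    # Keywords are case-insensitive and the first occurrence wins.
    list=$(awk 'tolower($1) == "kexalgorithms" { print $2; exit }')
    case "$list" in
        ''|[+^-]*) return 2 ;;
    esac
    found=0
    old_ifs=$IFS
    IFS=,
    for alg in $list; do
        case "$alg" in
            *sha1*) printf '%s\n' "$alg"; found=1 ;;
        esac
    done
    IFS=$old_ifs
    return "$found"
}

# Constructed samples: the list from the message, and a weaker list for contrast.
page_list='KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256'
weak_list='kexalgorithms curve25519-sha256@libssh.org,diffie-hellman-group14-sha1'
for cfg in "$page_list" "$weak_list"; do
    printf '%s\n' "$cfg" | check_kex \
        && echo "no SHA-1 key exchange listed" \
        || echo "check_kex status $?"
done
```

On a live server the effective configuration can be piped in with `sshd -T | check_kex`, which also covers the case where the keyword is not set in the file.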


