by shawnz 2642 days ago
It looks like it's a key exchange algorithm, not a host key algorithm. So you don't make keys with it, you just tell your client and server to try using it when connecting. You can specify it with the KexAlgorithms config property, like for example ssh -o "KexAlgorithms=whatever". Use ssh -Q kex to see what options are available on your installation.

Thank you!

So to help everyone (read the whole post first), you should probably have the line

KexAlgorithms sntrup4591761x25519-sha512@tinyssh.org,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

in /etc/ssh/sshd_config of the server and /etc/ssh/ssh_config of the client (under "Host ").

(The rest of the kex recommendations are from https://stribika.github.io/2015/01/04/secure-secure-shell.ht...)

---

However, for some reason after running "/usr/sbin/sshd -T" it said

"/etc/ssh/sshd_config line 2: Bad SSH2 KexAlgorithms 'sntrup4591761x25519-sha512@tinyssh.org'."

so I played around. It's hard for me to go back on everything I tried, but a working solution seemed to be to add the

KexAlgorithms sntrup4591761x25519-sha512@tinyssh.org,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

line to the server's "/usr/local/etc/sshd_config" and to the client's "/usr/local/etc/ssh_config" under "Host ".

You then need to start the server by running "sudo /usr/local/sbin/sshd" and you need to use the ssh client with the binary "/usr/local/bin/ssh".
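As an added example (not code from either commenter), a small POSIX shell helper that builds a KexAlgorithms line from a preference list and the output of `ssh -Q kex` for the binary you intend to run, dropping any algorithm that binary does not know. The "Bad SSH2 KexAlgorithms" error above is exactly what sshd reports when the config names an algorithm its build lacks, so checking the list against the right binary first avoids the guesswork. The supported list embedded here is a constructed sample of a stock OpenSSH build; replace it with the real `ssh -Q kex` output.

```sh
#!/bin/sh
# Build a KexAlgorithms line containing only algorithms the target OpenSSH
# binary supports, so that `sshd -T` does not fail with
# "Bad SSH2 KexAlgorithms '...'".
#
# build_kex_line "<desired,comma,separated,in preference order>" "<ssh -Q kex output>"
# Prints the line to stdout; returns 1 if anything was dropped, 2 if nothing survived.
build_kex_line() {
    desired="$1"
    supported="$2"
    out=""
    rc=0
    # Split the desired list on commas, keeping the order (order = preference).
    old_ifs="$IFS"; IFS=','
    set -- $desired
    IFS="$old_ifs"
    for alg in "$@"; do
        # -x matches the whole line, so "curve25519-sha256" is not accepted
        # just because "curve25519-sha256@libssh.org" is present.
        if printf '%s\n' "$supported" | grep -qxF -e "$alg"; then
            out="${out:+$out,}$alg"
        else
            echo "warning: '$alg' not supported by this binary; dropping it" >&2
            echo "         (check 'ssh -Q kex' of the build you actually run)" >&2
            rc=1
        fi
    done
    if [ -z "$out" ]; then
        echo "error: none of the requested algorithms are supported" >&2
        return 2
    fi
    printf 'KexAlgorithms %s\n' "$out"
    return $rc
}

# Constructed sample `ssh -Q kex` output of a stock OpenSSH build, which has no
# sntrup4591761x25519-sha512@tinyssh.org; replace with the real output.
STOCK_KEX='diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
curve25519-sha256@libssh.org'

# The preference list from the post above.
WANTED='sntrup4591761x25519-sha512@tinyssh.org,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256'

# Demo run; `|| :` keeps a non-zero "dropped something" status from aborting a `set -e` shell.
build_kex_line "$WANTED" "$STOCK_KEX" || :
```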