hierynomus/sshj

Add key exchange algorithm diffie-hellman-group-exchange-sha256

dkocher opened this issue · 7 comments

Currently only diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1 is implemented.

Any progress on this? It is becoming an issue due to many SSH servers deprecating support for the SHA-1 algorithm, so we cannot connect to them. How much work would be involved adding this support?

No progress on this yet. From what I read the flow for this exhange
algorithm seems different from the current ones. This might mean it's a
"big" refactoring.

2015-05-09 0:24 GMT+02:00 Andrew Donald Kennedy notifications@github.com:

Any progress on this? It is becoming an issue due to many SSH servers
deprecating support for the SHA-1 algorithm, so we cannot connect to them.
How much work would be involved adding this support?


Reply to this email directly or view it on GitHub
#167 (comment).

This issue blocks secure sshd configuration on every server that needs to be accessible via sshj. It's 2015 now and SHA-1 shouldn't be used for crypto, anymore - it's too easy to generate collisions on it. And RFC4419 where diffie-hellman-group-exchange-sha256 was defined is 9 years old already...

PS You might want to check the Secure Secure Shell article for some other sshd settings worth checking.

👏