What's Changed
- Current best practices for used ciphers, key exchanges and message authentication by @blaubaer in #102
⚠️ Breaking change warning
Since this version the default values are:
ssh.keys.exchangescurve25519-sha256@libssh.orgcurve25519-sha256diffie-hellman-group16-sha512
ssh.messages.authenticationshmac-sha2-512-etm@openssh.comhmac-sha2-256-etm@openssh.com
ssh.messages.ciphersaes256-gcm@openssh.comaes256-ctraes192-ctr
Due to this change (without adjusting the configuration) the following clients are required:
- OpenSSH since 7.4 (2016-12-19)
- Dropbear SSH since 2020.79 (2020-06-15)
To enable older clients check their capabilities and configure configuration settings (named above) accordingly.
⚠️ If you're using clients that does not support those settings we strongly recommend to update them instead weaking the settings of Bifröst.
Full Changelog: v0.5.14...v0.6.0