Feature #27477
Add support for secure KEX/MAC algorithms
Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Description
Add support for connecting to hardened hosts using the following KEX and MACs, or a combination thereof.
KexAlgorithms curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
I believe net-ssh installed for CentOS (4.2) supports the aforementioned, but the proxy plugin is only offering:
sshd[19536]: Unable to negotiate with 1.2.3.4 port 54748: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 [preauth]
sshd[2986]: Unable to negotiate with 1.2.3.4 port 42358: no matching MAC found. Their offer: [preauth]
Environment:
- CentOS Linux release 7.6.1810 (Core)
- foreman-1.22.0-1.el7
- tfm-rubygem-foreman_remote_execution-1.8.2-1.fm1_22.el7
- tfm-rubygem-foreman_remote_execution_core-1.2.0-1.el7
- rubygem-smart_proxy_remote_execution_ssh-0.2.1-1.el7
- rubygem-net-ssh-4.2.0-1.el7
- tfm-rubygem-net-ssh-4.2.0-1.el7
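A small diagnostic for the two sshd failures quoted in the report, added here as an example (it is not Foreman, smart-proxy or net-ssh code): it parses each "Unable to negotiate" line and intersects the client's offer with the KexAlgorithms/MACs lists from the description. It assumes the hardened host enforces exactly those lists; the constant and function names are illustrative.

```ruby
# Added example: explain sshd "Unable to negotiate" lines against a hardened policy.
# Assumption: the server enforces exactly the KexAlgorithms/MACs from the report.
SERVER_POLICY = {
  kex: %w[curve25519-sha256@libssh.org curve25519-sha256
          diffie-hellman-group18-sha512 diffie-hellman-group16-sha512
          diffie-hellman-group14-sha256],
  mac: %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com
          umac-128-etm@openssh.com]
}.freeze

# sshd's wording for each category, as it appears in the report's log lines.
CATEGORY = { 'key exchange method' => :kex, 'MAC' => :mac }.freeze

FAILURE = Regexp.new('Unable to negotiate with (?<peer>\S+) port \d+: ' \
                     'no matching (?<what>.+?) found\. ' \
                     'Their offer:\s*(?<offer>.*?)\s*(?:\[preauth\])?\s*$')

# Log lines copied from the report above.
LOG = [
  'sshd[19536]: Unable to negotiate with 1.2.3.4 port 54748: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 [preauth]',
  'sshd[2986]: Unable to negotiate with 1.2.3.4 port 42358: no matching MAC found. Their offer: [preauth]'
].freeze

# Returns nil for lines that are not a KEX/MAC negotiation failure.
def diagnose(line, policy = SERVER_POLICY)
  m = FAILURE.match(line) or return nil
  kind = CATEGORY[m[:what]] or return nil
  offer = m[:offer].split(',')          # an empty offer yields []
  allowed = policy[kind]
  {
    peer: m[:peer], kind: kind, offer: offer,
    common: offer & allowed,             # empty => negotiation cannot succeed
    client_lacks: allowed - offer,       # what the client would need to offer
    server_refuses: offer - allowed      # offered, but outside the policy
  }
end

LOG.each do |line|
  d = diagnose(line)
  puts "#{d[:peer]} #{d[:kind]}: common=#{d[:common].inspect}"
  puts "  client lacks:   #{d[:client_lacks].join(', ')}"
  puts "  server refuses: #{d[:server_refuses].join(', ')}"
end
```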