• SSH cipher recommendations and "prohibitions" from Debian?

    From c.buhtz@posteo.jp@21:1/5 to All on Tue May 13 11:40:01 2025
    Hello,
    I am the upstream maintainer of "Back In Time" [1][2]. It is GUI backup
    software using rsync, where rsync is able to connect via SSH to a remote
    host.
    Users are able to configure the cipher used for that SSH connection.

    The project is old and I wasn't the developer who implemented this feature.
    I know nearly nothing about ciphers and stuff like this.

    I would like to give my users some hands-on guidance about the available and used ciphers. I would like to warn them if they use an outdated one, and I want to recommend some.

    But to do this I need a strong, official and trustworthy reference. Does
    Debian have something like this?

    I was able to find a list of recommendations from the BSI (a German institution), but without a list of outdated ciphers.
    NIST also has a document, but I am not able to understand it. I
    couldn't find a list in it.

    What do you think?

    Regards,
    Christian Buhtz

    [1] -- <https://github.com/bit-team/backintime>
    [2] -- <https://tracker.debian.org/pkg/backintime>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
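One way to do what the post above asks for, as an added example that is not Back In Time's own code: ask the installed OpenSSH client which ciphers it supports (`ssh -Q cipher` is a real OpenSSH option) and bucket them into modern, acceptable and legacy so the GUI can warn on a legacy choice and suggest a current one. The policy sets in the block are an assumption for illustration, modelled on what ssh-audit and current OpenSSH defaults treat as strong; they are not the official Debian list the poster is looking for. The sample cipher list is constructed to match the output shape of `ssh -Q cipher` on a recent client and is used only when `ssh` is not installed.

```python
"""Added example: classify OpenSSH cipher names so a GUI can warn on legacy
choices and suggest current ones.

The policy sets below are an ASSUMPTION for illustration, modelled on what
ssh-audit and current OpenSSH defaults treat as strong; they are not an
official Debian list.  `ssh -Q cipher` is a real OpenSSH client option that
prints every cipher the installed client supports, one per line.
"""
import shutil
import subprocess
from typing import Dict, List, Tuple

# AEAD ciphers: what OpenSSH negotiates first by default today.
MODERN = {
    "chacha20-poly1305@openssh.com",
    "aes256-gcm@openssh.com",
    "aes128-gcm@openssh.com",
}
# CTR mode with an HMAC is still fine, just no longer the first choice.
ACCEPTABLE = {"aes256-ctr", "aes192-ctr", "aes128-ctr"}
# Legacy families matched by prefix: RC4 and 64-bit-block ciphers.  CBC modes
# are matched by suffix below (SSH's CBC use has a known plaintext-recovery
# weakness, which is why OpenSSH disabled them by default years ago).
LEGACY_PREFIXES = ("arcfour", "3des", "blowfish", "cast128")

# Constructed sample matching the output shape of `ssh -Q cipher` on a
# recent OpenSSH client; used when ssh is not installed (e.g. in CI).
SAMPLE_SSH_Q_CIPHER = """\
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
"""


def classify(name: str) -> str:
    """Return 'modern', 'acceptable', 'legacy' or 'unknown' for one cipher name."""
    n = name.strip().lower()
    if n in MODERN:
        return "modern"
    if n in ACCEPTABLE:
        return "acceptable"
    if n.endswith("-cbc") or "-cbc@" in n or n.startswith(LEGACY_PREFIXES):
        return "legacy"
    return "unknown"


def parse_cipher_list(text: str) -> List[str]:
    """Parse `ssh -Q cipher` output: one cipher name per line, blanks ignored."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def local_ssh_ciphers() -> List[str]:
    """Ciphers the installed OpenSSH client supports; the sample list if ssh is absent."""
    if shutil.which("ssh") is None:
        return parse_cipher_list(SAMPLE_SSH_Q_CIPHER)
    proc = subprocess.run(["ssh", "-Q", "cipher"], capture_output=True, text=True, check=False)
    if proc.returncode != 0 or not proc.stdout.strip():
        return parse_cipher_list(SAMPLE_SSH_Q_CIPHER)
    return parse_cipher_list(proc.stdout)


def audit(ciphers: List[str]) -> Dict[str, List[str]]:
    """Bucket a cipher list by classification, preserving the client's order."""
    report: Dict[str, List[str]] = {"modern": [], "acceptable": [], "legacy": [], "unknown": []}
    for c in ciphers:
        report[classify(c)].append(c)
    return report


def recommendation(configured: str, available: List[str]) -> Tuple[str, str]:
    """(level, message) for the user's configured cipher; level is 'ok', 'warn' or 'error'."""
    modern = [c for c in available if classify(c) == "modern"]
    suggest = ", ".join(modern) if modern else "an aes*-ctr cipher"
    if configured not in available:
        return "error", f"{configured!r} is not offered by the local ssh client; use {suggest}."
    level = classify(configured)
    if level == "modern":
        return "ok", f"{configured!r} is a current AEAD cipher."
    if level == "acceptable":
        return "ok", f"{configured!r} is acceptable; {suggest} is preferred."
    if level == "legacy":
        return "warn", f"{configured!r} is a legacy cipher (CBC, RC4 or 64-bit block); switch to {suggest}."
    return "warn", f"{configured!r} is not a cipher this check knows; cannot vouch for it."


if __name__ == "__main__":
    avail = local_ssh_ciphers()
    for bucket, names in audit(avail).items():
        print(f"{bucket:10s} {', '.join(names) or '-'}")
    for choice in ("aes256-cbc", "aes256-ctr", "chacha20-poly1305@openssh.com"):
        print(*recommendation(choice, avail))
```

Two practical points for a GUI integration: query the same `ssh` binary that rsync will invoke through `-e ssh`, since a user may have several clients installed, and keep the policy sets as data rather than code so they can be updated when a cipher is retired without a new release. This checks only what the local client offers; whether the remote server still accepts a legacy cipher is a separate question.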
  • From Bartosz Fenski@21:1/5 to c.buhtz@posteo.jp on Tue May 13 12:50:01 2025
    I'd start with something like https://github.com/jtesta/ssh-audit

    Bartek

    On 13/05/2025 11:35 AM, c.buhtz@posteo.jp wrote:
    [...]

