EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSH cipher AES-GCM in SBB v12.0.266

Posted: 02/14/2015 08:23:36
by Charles DeWeese (Standard support level)
Joined: 04/17/2008
Posts: 53

Am I correct to believe that these are not compatible with OpenSSH?

SBB identifies these ciphers as aes128-gcm and aes256-gcm

but after several unsuccessful attempts to use it with OpenSSH; I discovered that OpenSSH defines the cipher as aes128-gcm@openssh.com and aes256-gcm@openssh.com.

Further research lead me to OpenSSH 6.2 changelog which mentions the following:
ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in
SSH protocol 2. The new cipher is available as aes128-gcm@openssh.com
and aes256-gcm@openssh.com. It uses an identical packet format to the
AES-GCM mode specified in RFC 5647, but uses simpler and different
selection rules during key exchange.

I was excited to see AES-GCM support but now it looks like we need support for the @openssh.com variant.
Posted: 02/14/2015 08:49:41
by Eugene Mayevski (Team)

Well, OpenSSH is known for not following common sense and standards and implementing everything in their own way. I don't think that we will implement something unless it's defined in any standard. I.e. if OpenSSH authors want OpenSSH to be compatible only with itself, we can't help this.

Sincerely yours
Eugene Mayevski
Posted: 02/14/2015 09:35:53
by Eugene Mayevski (Team)

We will check if we can add this openssh stuff without digging deep into OpenSSH itself. But no promises for now.

Sincerely yours
Eugene Mayevski



Topic viewed 500 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!