
SSH cipher AES-GCM in SBB v12.0.266

Posted: 02/14/2015 08:23:36
by Charles DeWeese (Standard support level)

Am I correct to believe that these are not compatible with OpenSSH?

SBB identifies these ciphers as aes128-gcm and aes256-gcm

but after several unsuccessful attempts to use it with OpenSSH, I discovered that OpenSSH defines the cipher as aes128-gcm@openssh.com and aes256-gcm@openssh.com.

Further research led me to the OpenSSH 6.2 changelog, which mentions the following:
ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in
SSH protocol 2. The new cipher is available as aes128-gcm@openssh.com
and aes256-gcm@openssh.com. It uses an identical packet format to the
AES-GCM mode specified in RFC 5647, but uses simpler and different
selection rules during key exchange.

I was excited to see AES-GCM support but now it looks like we need support for the @openssh.com variant.
Posted: 02/14/2015 08:49:41
by Eugene Mayevski (EldoS Corp.)

Well, OpenSSH is known for not following common sense and standards and implementing everything in their own way. I don't think that we will implement something unless it's defined in any standard. I.e. if OpenSSH authors want OpenSSH to be compatible only with itself, we can't help this.

Sincerely yours
Eugene Mayevski
Posted: 02/14/2015 09:35:53
by Eugene Mayevski (EldoS Corp.)

We will check if we can add this openssh stuff without digging deep into OpenSSH itself. But no promises for now.

Sincerely yours
Eugene Mayevski
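
An added example, not part of the original posts and not code from SecureBlackbox or OpenSSH: SSH picks each algorithm by exact string match between the two sides' name-lists (RFC 4253 section 7.1), so the cipher names quoted in the thread never match each other. The cipher lists are constructed samples, and `near_misses` is a hypothetical diagnostic helper.

```python
import struct

def encode_name_list(names):
    """SSH name-list (RFC 4251 section 5): uint32 length + comma-separated ASCII."""
    body = ",".join(names).encode("ascii")
    return struct.pack(">I", len(body)) + body

def parse_name_list(blob):
    """Decode one name-list; reject a length field that overruns the buffer."""
    if len(blob) < 4:
        raise ValueError("truncated name-list")
    (length,) = struct.unpack(">I", blob[:4])
    if length > len(blob) - 4:
        raise ValueError("name-list length exceeds buffer")
    body = blob[4:4 + length].decode("ascii")
    return body.split(",") if body else []

def negotiate(client, server):
    """RFC 4253 section 7.1: first client name that the server also lists.
    Names are compared as exact strings; None means no common algorithm."""
    offered = set(server)
    return next((name for name in client if name in offered), None)

def near_misses(client, server):
    """Pairs that differ only by an '@domain' suffix (RFC 4251 section 6
    local extension names), a common cause of 'no matching cipher'."""
    def base(name):
        return name.split("@", 1)[0]
    return [(c, s) for c in client for s in server
            if c != s and base(c) == base(s)]

# Constructed sample lists, not captured from SBB or OpenSSH.
SERVER = parse_name_list(encode_name_list(
    ["aes128-gcm@openssh.com", "aes256-gcm@openssh.com", "aes128-ctr"]))
CLIENT_GCM_ONLY = ["aes128-gcm", "aes256-gcm"]
CLIENT_WITH_CTR = ["aes128-gcm", "aes256-gcm", "aes128-ctr"]

if __name__ == "__main__":
    print(negotiate(CLIENT_GCM_ONLY, SERVER))   # no common cipher
    print(negotiate(CLIENT_WITH_CTR, SERVER))   # falls back to a shared name
    print(near_misses(CLIENT_GCM_ONLY, SERVER))
```

When a connection silently lands on a non-GCM cipher, comparing both sides' offered lists this way shows whether a vendor-suffixed name was skipped.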
