Just checked my own sshd configs and I don’t use CBC in them. I’ve based the kex/cipher/Mac configs off of cipherlist.eu and the mozilla docs current standards. Guess it pays to never use default configs for sshd if it’s ever exposed to the Internet.
Edit: I read it wrong. It’s chacha20 OR CBC. I rely heavily on the former with none of the latter.
ChaCha20-Poly1305 and CBC with Encrypt-then-MAC ciphers are vulnerable to a MITM attack.
Saved you a click.
Why use CBC too? Cha-Cha20-Poly1305 is an AEAD, so both an assymetric plus a symmetric stream cipher.
Just checked my own sshd configs and I don’t use CBC in them. I’ve based the kex/cipher/Mac configs off of cipherlist.eu and the mozilla docs current standards. Guess it pays to never use default configs for sshd if it’s ever exposed to the Internet.
Edit: I read it wrong. It’s chacha20 OR CBC. I rely heavily on the former with none of the latter.
Ah thanks! Didn’t catch that.
I thought most SSH servers default to some AES-based cypher like most other programs. Is that not the case?