Hi,
I'm was playing around with Tails 2.0 beta1, and i noticed that the default
SSH configuration is exactly the same as older versions (aes-ctr/aes-cbc
is prefered, and aes-gcm/chacha20-poly1305 aren't used), while the
OpenSSH version in Debian 8 is a lot newer and supports better crypto.
The current configuration is:
Ciphers aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc,3des-cbc
MACs hmac-sha1,hmac-md5,hmac-ripemd160
I suppose that something like this would be better:
Ciphers
chacha20-poly1305@???,aes256-gcm@???,aes256-ctr,aes256-cbc,aes128-gcm@???,aes128-ctr,aes128-cbc
MACs hmac-sha1,hmac-ripemd160
Regards,
Alfredo Tanner
(PGP: 567E B708 19AD A720 1578 2D29 1890 E5DD 7910 022F)