[Info-vax] modern ssh on the old stack (VSI) versus new VSI stack (documentation)

Richard Whalen rvwhalen at gmail.com
Tue Mar 31 08:58:11 EDT 2020


On Wednesday, March 25, 2020 at 1:02:21 PM UTC-4, gérard Calliet wrote:
> Hello,
> 
> Because I think you have a lot of time at home now, I have a question.
> 
> With VSI tcpip new stack, I have a lot of information in the SPD about 
> what can be done with ssh, for example:
> 
> """SSH functionality has been extended to include the following:
> • Diffie-Hellman-group14-sha256 (RFC 4250). This addition improves 
> security of the key exchange by using a hash with more bits.
> • Elliptic curve Diffie-Hellman (ECDH) key agreement [RFC 5656]. Curves 
> are: nistp256, nistp384, nistp521. The curve chosen will be sufficient 
> to support the hash for the host keys involved. For example:
>   o If the host key is ECDSA-nistp521, only the curve nistp521 will be available.
>   o If the host key is ECDSA-nistp384, the curves nistp384 and nistp521 will be available.
>   o If the host key is ECDSA-nistp256, the curves nistp256, nistp384 and nistp521 will be available.
> • Elliptic curve digital signature algorithm (ECDSA) [RFC 5656]. Public 
> keys are written in a format close to what is used by OpenSSH; OpenSSH 
> public keys can be read as-is. The "Subject" and "Comment" lines in the 
> key may need to be removed to make the keys readable by OpenSSH. ECDSA 
> supports curves nistp256, nistp384, nistp521.
> ..... """
> 
> I cannot find something precise like that for the last versions of the 
> old tcpip stack delivered by VSI, including all good ECOs.
> 
> It is important for me to know about that to be able to determine if the 
> last versions of tcpip/ssh on the old stack (for itanium and for alpha) 
> are reasonably usable in the modern world, before being able to use the 
> new stack. Another reason behind that is knowing if it is worth it to go to 
> VSI and tcpip (old stack) only to have more functionalities on ssh.
> 
> Take care
> 
> Gérard Calliet

You may have to go up to a higher debug level.  I had to use debug 3 with MultiNet SSH (which the VSI SSH is based on) to get the algorithms displayed.
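
An added example, not part of either poster's message and not VSI or MultiNet code: an SSH server advertises its algorithms in the SSH_MSG_KEXINIT message (RFC 4253, section 7.1), so a captured payload can be checked against the algorithms named in the SPD excerpt. The wire names in `SPD`, the short field names, and the sample payload are assumptions constructed for this example.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

# Wire names assumed for the algorithms listed in the quoted SPD excerpt.
SPD = {"kex": ["diffie-hellman-group14-sha256", "ecdh-sha2-nistp256",
               "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"],
       "hostkey": ["ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
                   "ecdsa-sha2-nistp521"]}

def parse_kexinit(payload: bytes) -> dict:
    """Return the ten name-lists of a KEXINIT payload as lists of strings."""
    if len(payload) < 17 or payload[0] != 20:  # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated length for " + field)
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list for " + field)
        raw = payload[pos:pos + size].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += size
    return lists

def audit(payload: bytes) -> dict:
    """Map each SPD-listed algorithm to True if the peer offers it."""
    offered = parse_kexinit(payload)
    return {f: {a: a in offered[f] for a in names} for f, names in SPD.items()}

def build_kexinit(lists: dict) -> bytes:
    """Encode a KEXINIT payload (used only to construct the sample below)."""
    body = bytes([20]) + bytes(16)
    for field in FIELDS:
        data = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed sample: a server offering older algorithms plus one ECDH curve.
SAMPLE = build_kexinit({
    "kex": ["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"],
    "hostkey": ["ecdsa-sha2-nistp256", "ssh-rsa"],
    "enc_c2s": ["aes128-ctr"], "enc_s2c": ["aes128-ctr"],
    "mac_c2s": ["hmac-sha2-256"], "mac_s2c": ["hmac-sha2-256"],
    "comp_c2s": ["none"], "comp_s2c": ["none"]})
```

Calling `audit(SAMPLE)` returns a per-algorithm True/False map for the key exchange and host key lists.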


