Details
-
Suggestion
-
Resolution: Fixed
Description
I understand that it is not possible for Bitbucket to support ECDSA for SSH at this time. However I think improvements can still be made. Namely, I wonder if some higher-security MACs could be enabled?
This is the motivating article, for reference: https://stribika.github.io/2015/01/04/secure-secure-shell.html
Some examples of higher-security MACs are hmac-sha2-512-etm@openssh.com and hmac-sha2-256-etm@openssh.com.
Currently the Bitbucket SSH servers advertise these weak MACs to my client: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96.