Uploaded image for project: 'Bitbucket Cloud'
  1. Bitbucket Cloud
  2. BCLOUD-10838

Support for more secure SSH MACs (BB-11891)

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      I understand that it is not possible for Bitbucket to support ECDSA for SSH at this time. However I think improvements can still be made. Namely, I wonder if some higher-security MACs could be enabled?

      This is the motivating article, for reference: https://stribika.github.io/2015/01/04/secure-secure-shell.html

      Some examples of higher-security MACs are hmac-sha2-512-etm@openssh.com and hmac-sha2-256-etm@openssh.com.

      Currently the Bitbucket SSH servers advertise these weak MACs to my client: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96.

      Attachments

        Activity

          People

            Unassigned Unassigned
            e5c16d6790f2 bchociej
            Votes:
            3 Vote for this issue
            Watchers:
            12 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: