To: pgadmin-support@postgresql.org
From: Sven
Subject: Re: SSH tunnel key exchange methods
Date: Fri, 27 Nov 2015 09:23:42 +0000 (UTC)

> The key exchange methods offered when opening an SSH tunnel are all
> SHA1 and therefore too weak:
>
> [sshd] fatal: Unable to negotiate with xxx.xxx.xxx.xxx: no matching
> key exchange method found. Their offer:
> diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,
> diffie-hellman-group1-sha1 [preauth]

Any news on this?

If there's no easy way to add safer kexes, I suggest you disable the SSH feature altogether. SHA1 is dead and IMO nobody should trust a connection established with SHA1 kexes in order to talk to databases.
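
Added example (not part of the original message and not pgAdmin code): parsing sshd negotiation failures like the one quoted above to find clients that offer only SHA-1 key exchange methods. The log lines are constructed, and the function names and the `-sha1` name check are assumptions of this example.

```python
import re

# Constructed sample sshd log lines (documentation address ranges); the first
# mirrors the failure quoted in the message above.
SAMPLE_LOG = """\
sshd[2101]: fatal: Unable to negotiate with 192.0.2.10: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
sshd[2102]: fatal: Unable to negotiate with 192.0.2.11 port 50212: no matching key exchange method found. Their offer: curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,ext-info-c [preauth]
sshd[2103]: fatal: Unable to negotiate with 2001:db8::7 port 50213: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,ext-info-c [preauth]
sshd[2104]: Accepted publickey for deploy from 192.0.2.12 port 50300 ssh2
"""

# Both sshd message variants: with and without "port N" after the peer address.
FAILURE = re.compile(
    r"Unable to negotiate with (?P<peer>\S+?)(?: port \d+)?: "
    r"no matching key exchange method found\. Their offer: (?P<offer>\S+)"
)

# Signalling names a client puts in its kex list that are not key exchange methods.
PSEUDO_KEX = {"ext-info-c", "kex-strict-c-v00@openssh.com"}


def is_sha1_kex(name):
    """True for methods whose exchange hash is SHA-1 (name has a -sha1 component)."""
    return re.search(r"-sha1(?:-|@|$)", name) is not None


def audit_kex_failures(log_text):
    """Return one finding per kex negotiation failure found in log_text."""
    findings = []
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m is None:
            continue
        offered = [k for k in m.group("offer").split(",") if k and k not in PSEUDO_KEX]
        non_sha1 = [k for k in offered if not is_sha1_kex(k)]
        findings.append({
            "peer": m.group("peer"),
            "offered": offered,
            "non_sha1": non_sha1,
            # SHA-1-only: the client offers methods and none is non-SHA-1.
            "sha1_only": bool(offered) and not non_sha1,
        })
    return findings


if __name__ == "__main__":
    for f in audit_kex_failures(SAMPLE_LOG):
        verdict = "SHA-1 only" if f["sha1_only"] else "also offers " + ",".join(f["non_sha1"])
        print(f"{f['peer']}: {verdict}")
```
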