Hi Forum,
today i noticed mikrotiks default config for ssh and their definition of “strong” ciphers:
apparently the null cipher is disabled by default now (which was not the case in my installation a few versions back) but im still not very satisfied with the offers.
The default situation ATM is the following:
KEXalgo DH 1024 Bit group
Server Host Key algo 2048 bit rsa
Cipher 128bit AES
SHA1 for hmac hash
With “strong” Ciphers its:
KEXalgo DH 2048 Bit group
Server Host Key algo 2048 bit rsa
Cipher 256bit AES
SHA2 for hmac hash
Disabled MD5
Disabled null-cipher
(see https://wiki.mikrotik.com/wiki/Manual:IP/SSH)
You could argue if 2048 bit rsa is still enough or not, but IMHO its certainly not best practise, why dont we use ed25519 as host key? Its more secure and faster.
And DH1024 is legacy for multiple years at this point while DH2048, well, its better but again, why dont we switch to much more modern KEX like curve25519 or atleast DH4096?
SHA1 is also obsolete but atleast their is a good replacement.
Im curious why only such only standards are supported and if this is going to change in the near future.
I know that most probabbly have ssh disabled from the internet, myself included, but IMHO thats just a bad excuse (if used).
Please support:
- ED25519 Host Keys
- Curve25519 KEX
- SHA2 as default
- Drop support for SHA1, MD5 and DH1024 since all of them are considered legacy for multiple years
Thanks!
Kind regards