Visweswara Rao Polisetti
2014-Dec-04 06:25 UTC
How to block weak ciphers and MACs in 6.2p2
Hi,
It seems in openssh 6.7, all the weak ciphers and MAC algorithms got
deprecated. What is the best way to do the same for 6.2p2 version? Adding
following entries in sshd_config file causing sshd process crash whenever
the client tries to connect. So, could you please suggest any other methods
to achieve the same?
# Secure Ciphers and MACs
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128
MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160
Thanks,
Vissu.
On Thu, Dec 04, 2014 at 11:55:15 +0530, Visweswara Rao Polisetti wrote:> Hi, > > It seems in openssh 6.7, all the weak ciphers and MAC algorithms got > deprecated. What is the best way to do the same for 6.2p2 version? Adding > following entries in sshd_config file causing sshd process crash whenever > the client tries to connect. So, could you please suggest any other methods > to achieve the same? > > # Secure Ciphers and MACs > Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 > MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160 >That sounds like a bug to me. Could you send sshd -ddd and ssh -vvv output? -- Iain Morgan