Visweswara Rao Polisetti
2014-Dec-04 06:25 UTC
How to block weak ciphers and MACs in 6.2p2
Hi, It seems in openssh 6.7, all the weak ciphers and MAC algorithms got deprecated. What is the best way to do the same for 6.2p2 version? Adding following entries in sshd_config file causing sshd process crash whenever the client tries to connect. So, could you please suggest any other methods to achieve the same? # Secure Ciphers and MACs Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160 Thanks, Vissu.
On Thu, Dec 04, 2014 at 11:55:15 +0530, Visweswara Rao Polisetti wrote:> Hi, > > It seems in openssh 6.7, all the weak ciphers and MAC algorithms got > deprecated. What is the best way to do the same for 6.2p2 version? Adding > following entries in sshd_config file causing sshd process crash whenever > the client tries to connect. So, could you please suggest any other methods > to achieve the same? > > # Secure Ciphers and MACs > Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 > MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160 >That sounds like a bug to me. Could you send sshd -ddd and ssh -vvv output? -- Iain Morgan