Displaying 4 results from an estimated 4 matches for "opensshserv".
Did you mean:
opensshserver
2019 Oct 04
1
CentOS8 and crypto-policies
...arted playing with CentOS8 and I am trying to set default crypto
policies for openssh server/client. In CentOS7 I followed the guide
from https://infosec.mozilla.org/guidelines/openssh.html and set
KexAlgorithms /Ciphers/MACs in sshd_config.
In CentOS8 I can edit
/usr/share/crypto-policies/$POLICY/opensshserver.txt for the sshd
arguments, but editing openssh.txt or even changing default crypto
policy to FIPS seems to not affect the client options (ssh -Q mac)
Is the client supposed to be affected by these policies or they are
only for the server?
Regards,
2019 Oct 04
1
Mix/match C8 crypto policies
Is it possible to mix and match crypto policies using approved tools
in CentOS 8?
Our environment requires a LEGACY setting for OpenSSL so we can
maintain connections with our LDAP servers (which we cannot update at
this time), but I'd like especially the OpenSSH settings to use the
DEFAULT policy (and maybe even FUTURE on a test host or two).
I think it's possible to manually
2019 Oct 17
2
DSA key not accepted on CentOS even after enabling
...stp384,
ecdsa-sha2-nistp384-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521,
ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519,
ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at openssh.com
So I found the unit file for sshd that refers
to /etc/crypto-policies/back-ends/opensshserver.config
In the mean time I was able to reach my target going and editing the
/etc/sysconfig/sshd file adding the whole line obtained from the above and
adding ssh-dss
CRYPTO_POLICY='-oCiphers=aes256-gcm at openssh.com,
chacha20-poly1305 at openssh.com,aes256-ctr,aes256-cbc,aes128-gcm at opens...
2019 Oct 17
0
DSA key not accepted on CentOS even after enabling
...84-cert-v01 at openssh.com,rsa-sha2-512,ecdsa-sha2-nistp521,
> ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519,
> ssh-ed25519-cert-v01 at openssh.com,ssh-rsa,ssh-rsa-cert-v01 at openssh.com
>
> So I found the unit file for sshd that refers
> to /etc/crypto-policies/back-ends/opensshserver.config
> In the mean time I was able to reach my target going and editing the
> /etc/sysconfig/sshd file adding the whole line obtained from the above and
> adding ssh-dss
>
> CRYPTO_POLICY='-oCiphers=aes256-gcm at openssh.com,
> chacha20-poly1305 at openssh.com,aes256-ctr,...