Displaying 20 results from an estimated 1000 matches similar to: "[Bug 2333] New: forbid old Ciphers, KexAlgorithms and MACs by default"
2024 Jan 25
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
Hi,
I am running the below servers on Red Hat Enterprise Linux release 8.7
(Ootpa). The details are as follows.
# rpm -qa | grep openssh
openssh-8.0p1-16.el8.x86_64
openssh-askpass-8.0p1-16.el8.x86_64
openssh-server-8.0p1-16.el8.x86_64
openssh-clients-8.0p1-16.el8.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
#
How do I enable strong KexAlgorithms, Ciphers and
2024 Jan 25
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
Hi Kaushal,
I maintain a set of SSH hardening guides for various platforms,
including RHEL 8. You can find them here:
https://ssh-audit.com/hardening_guides.html
- Joe
--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
On Thu, 2024-01-25 at 18:39 +0530, Kaushal Shriyan wrote:
> Hi,
>
> I am running the below servers on Red Hat Enterprise
2024 Jan 27
2
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
On Fri, Jan 26, 2024 at 7:24?PM Jochen Bern <Jochen.Bern at binect.de> wrote:
> On 25.01.24 14:09, Kaushal Shriyan wrote:
> > I am running the below servers on Red Hat Enterprise Linux release 8.7
> > How do I enable strong KexAlgorithms, Ciphers and MACs
>
> On RHEL 8, you need to be aware that there are "crypto policies"
> modifying sshd's behaviour,
2016 Oct 19
2
SSH Weak Ciphers
Am 19.10.2016 um 00:58 schrieb Gordon Messmer <gordon.messmer at gmail.com>:
> On 10/18/2016 03:28 PM, Clint Dilks wrote:
>> So first
>> question is are people generally modifying the list of ciphers supported by
>> the ssh client and sshd?
>
> I suspect that "generally" people are not. I do, because I can, and so that I can offer at least some advice
2016 Oct 18
0
SSH Weak Ciphers
On 10/18/2016 03:28 PM, Clint Dilks wrote:
> So first
> question is are people generally modifying the list of ciphers supported by
> the ssh client and sshd?
I suspect that "generally" people are not. I do, because I can, and so
that I can offer at least some advice to people who aim to do so.
> On CentOS 6 currently it looks like if I remove all the ciphers they are
2015 Jan 07
11
[Bug 2332] New: Show more secure fingerprints than MD5 (e.g. SHA256) in ssh and ssh-keygen
https://bugzilla.mindrot.org/show_bug.cgi?id=2332
Bug ID: 2332
Summary: Show more secure fingerprints than MD5 (e.g. SHA256)
in ssh and ssh-keygen
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
2024 Jan 27
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
BTW based on your output it looks like the DEFAULT policy is just fine,
If you really want to turn etm HMAC and chacha20 off, you should follow the RHEL security alert
https://access.redhat.com/security/cve/cve-2023-48795
cipher at SSH = -CHACHA20-POLY1305
ssh_etm = 0
by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
Hi all,
this is a patch to make Ciphers, MACs and KexAlgorithms available in
Match blocks. Now I can reach a -current machine with some Android
terminal app without changing the default ciphers for all clients:
Match Address 192.168.1.2
Ciphers aes128-cbc
MACs hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha1
Index: servconf.c
2018 Nov 23
2
Debian Stretch 9.6: openssh-server and old dropbear client don't work togheter
Il giorno gio 22 nov 2018 alle ore 21:24 Stuart Henderson
<stu at spacehopper.org> ha scritto:
>
> On 2018/11/22 19:55, owl700 at gmail.com wrote:
> > Hi, I have compatibility issues with the latest version of
> > openssh-server and an old dropbear client, the dopbear client stops at
> > preauth
> >
> > ov 22 14:34:03 myhostname sshd[3905]: debug1: Client
2024 Jan 26
1
enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
On 25.01.24 14:09, Kaushal Shriyan wrote:
> I am running the below servers on Red Hat Enterprise Linux release 8.7
> How do I enable strong KexAlgorithms, Ciphers and MACs
On RHEL 8, you need to be aware that there are "crypto policies"
modifying sshd's behaviour, and it would likely be the *preferred*
method to inject your intended config changes *there* (unless they
2016 Nov 08
4
one host only: ssh_dispatch_run_fatal
Darren Tucker <dtucker at zip.com.au> writes:
> On Tue, Nov 8, 2016 at 2:43 PM, Harry Putnam <reader at newsguy.com> wrote:
>> Darren Tucker <dtucker at zip.com.au> writes:
>>
>>> On Tue, Nov 8, 2016 at 1:02 PM, Harry Putnam <reader at newsguy.com> wrote:
>>> [...]
>>>> gv harry> ssh -vv 2x
>>>>
>>>>
2017 Jan 29
3
[Bug 2671] New: make possible to remove default ciphers/kexalgorithms/mac algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=2671
Bug ID: 2671
Summary: make possible to remove default
ciphers/kexalgorithms/mac algorithms
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2018 Mar 06
2
Failed connections 7.6 to 5.2
Trying to connect to a Dell iDRAC 6. The iDRAC reports it is running
OpenSSH 5.2.
From Fedora Linux 20 with OpenSSH 6.4p1, connections succeed.
From Fedora Linux 23 with OpenSSH 7.2p2, connections succeed.
From Fedora Linux 27 with OpenSSH 7.6p1, connections fail prior to
prompting for a password. The message is, "Received disconnect from (IP
address) port 22:11: Logged out." Trying
2024 Jan 10
1
[Bug 3653] New: ConnectTimeout causes issue when connecting to an host via tsocks
https://bugzilla.mindrot.org/show_bug.cgi?id=3653
Bug ID: 3653
Summary: ConnectTimeout causes issue when connecting to an host
via tsocks
Product: Portable OpenSSH
Version: 9.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
2013 Jan 17
1
Fwd: Re: Inconsisten declaration of ssh_aes_ctr_iv()
Oops, I meant to CC the list on this.
--
Iain
----- Forwarded message from Iain Morgan <Iain.Morgan at nasa.gov> -----
Date: Thu, 17 Jan 2013 14:51:01 -0800
From: Iain Morgan <Iain.Morgan at nasa.gov>
To: Damien Miller <djm at mindrot.org>
Subject: Re: Inconsisten declaration of ssh_aes_ctr_iv()
On Wed, Jan 16, 2013 at 21:26:39 -0600, Damien Miller wrote:
> On Mon, 14 Jan
2016 Feb 09
2
Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands
Thread split from my previous communication. Here is the key-commands logs
on the platform.
***************** failed-regress.log ************
trace: AuthorizedKeysCommand with arguments
FAIL: connect failed
trace: AuthorizedKeysCommand without arguments
FAIL: connect failed
***************** failed-ssh.log ************
trace: AuthorizedKeysCommand with arguments
2015 Jul 29
2
Updating from 6.6 - 6.9 SSH
And Server?
- Ben
Nick Stanoszek wrote:
> Please see below :). Just a note---this is the EXACT command that I
> use to log into the server BEFORE i try to update SSH. I continue to
> use this same command for other servers.
>
> Nicks-MacBook-Pro:Downloads$ ssh -i WHATEVERKEY.pem
> ubuntu at 54.200.249.185 <mailto:ubuntu at 54.200.249.185> -v -v -v -v
>
>
2016 Oct 20
2
Custom PAM module not working correctly
Hello,
I've developed a custom PAM module which only allows a user to
authenticate to the server only if another user of the same machine
also authenticates succesfully. It's currently a simple module which
also works as a PAM aware application since it authenticates each user
with PAM itself. Both the pamtester utility and su can use this module
correctly. However, when I try to use
2015 Jul 29
3
Updating from 6.6 - 6.9 SSH
No I'm referring to "sshd -ddd" (preferrable on a high port like -p
8080 so you don't break your current ability to connect to the
machine). As clearly the server is rejecting it. And only the server
side debug can tell us that.
- Ben
Nick Stanoszek wrote:
> I am using an AWS ubuntu 14.04 server...is that what you are asking?
>
> On Tue, Jul 28, 2015 at 10:00 PM,
2013 Nov 12
0
OpenSSH 6.4 connection to Cisco 6506 routers/switches fails
Just upgraded to OpenSSH_6.4 with OpenSSL 1.0.1e and libz.so.1.2.8.
Now some (but not all) Cisco router logins hang:
kraken> ssh -vv -l noc XXX-mgmt.gw
OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 50: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to XXX-mgmt.gw [10.12.0.1] port 22.