On 10/18/2016 03:28 PM, Clint Dilks wrote:

> question is are people generally modifying the list of ciphers supported by
> the ssh client and sshd?

I suspect that "generally" people are not. I do, because I can, and so
that I can offer at least some advice to people who aim to do so.

> On CentOS 6 currently it looks like if I remove all the ciphers they are
> concerned about then I am left with Ciphers
> aes128-ctr,aes192-ctr,aes256-ctr for both /etc/ssh/sshd_config and

If you're going to go down this road, you should probably look at key
exchanges and HMACs as well. On CentOS 7, I use:
On CentOS 6, I believe you'd have to drop all of the @openssh.com items.

> Is just using these three ciphers likely to cause me
> any problems? Could having so few ciphers be creating a security concern

I don't think it'd be a security concern, just compatibility issues. So
far, I've had minimal problems with restricted algorithms. I do have to
make an exception for a slightly old WD MyBook World edition.
CentOS mailing list
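
An added example, not part of the original message: a small audit of an sshd_config that checks the Ciphers line against the three CTR ciphers named in the thread, reports which of Ciphers, KexAlgorithms and MACs are unset (so the package defaults still apply), and lists the @openssh.com names that the reply says would have to go on CentOS 6. The sample config and the function names are constructed for illustration.

```python
import re

# The cipher list quoted in the thread for CentOS 6.
ALLOWED_CIPHERS = {"aes128-ctr", "aes192-ctr", "aes256-ctr"}
ALGO_KEYWORDS = ("ciphers", "kexalgorithms", "macs")


def parse_algorithms(config_text):
    """Return {keyword: [names]} for Ciphers, KexAlgorithms and MACs.

    sshd keeps the first value it reads for these keywords, so later
    duplicates are ignored here as well. Keywords are case-insensitive.
    """
    found = {}
    for raw in config_text.splitlines():
        # Algorithm names never contain '#', so cutting at it is safe here.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key in ALGO_KEYWORDS and key not in found and len(parts) == 2:
            found[key] = [n.strip() for n in parts[1].split(",") if n.strip()]
    return found


def audit(config_text):
    """Summarise how the config differs from the restricted setup discussed."""
    algos = parse_algorithms(config_text)
    every_name = [n for names in algos.values() for n in names]
    return {
        "unset": [k for k in ALGO_KEYWORDS if k not in algos],
        "extra_ciphers": [c for c in algos.get("ciphers", [])
                          if c not in ALLOWED_CIPHERS],
        "openssh_com_names": sorted(n for n in every_name
                                    if n.endswith("@openssh.com")),
    }


# Constructed sample, not a configuration taken from the thread.
SAMPLE = """\
Protocol 2
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256
ciphers 3des-cbc   # ignored: the first Ciphers line wins
"""

if __name__ == "__main__":
    for item, value in audit(SAMPLE).items():
        print(item, value)
```
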