PI 2.1 Change SSH encryption / hash?

Seth Bjorn
Level 1

Is there any way to change the SSH2 encryption and hash settings PI 2.1 uses to connect to its managed devices? Right now it is using AES-128 and MD5, but I would like to change it to AES-256 and SHA1.

1 Accepted Solution


Marvin Rhoads
Hall of Fame

It's not exposed in the GUI nor the PI configuration file.

If you drop down into the root shell you will see that PI uses the sshd OpenSSH daemon.

It would be an unsupported change, but you might try modifying the sshd_conf file to specify the desired ciphers and hash. Be sure to back up first!


Thanks Marvin, modified the /etc/ssh/ssh_config file making the necessary changes. Now PI uses SHA1. Hopefully no future patches get clobbered because of this! haha

You're welcome - I'm glad it worked. I was going on a hunch. :)

Can you share your modified ssh_config file for other seekers to reference?

I won't show my exact config file, but I will post the details below.

 

Basically, what I did was modify the "Host *" template, uncommenting the configuration items I wanted to change. You can leave the other sections commented out and OpenSSH will continue to use the defaults for anything you have not specified.

So step one is to uncomment Host *.

Uncomment the Ciphers and MAC lines.

Change the Ciphers and MAC lines to any order you prefer.

Save the file and reboot the Linux OS. I exited the shell and typed reload in the CLI to reboot the Linux OS. My system took around 5 minutes to fully reboot and load PI into its usable state.
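The steps in the post above, as an added example that is not the poster's file or Cisco's: a shell function that backs up an OpenSSH client config, uncomments the "Host *" template and pins the Ciphers and MACs lines, and refuses to write the result if any of the three lines is missing. The function names, the algorithm lists (chosen to match the AES-256 / SHA1 goal in the question) and the sample file are assumptions; run it against a copy first.

```shell
#!/bin/sh
# Added example, not the poster's file. The algorithm lists are assumptions
# matching the AES-256 / SHA1 goal; both ends must support them.
CIPHERS="aes256-ctr,aes256-cbc"
MACS="hmac-sha1"

# Uncomment "Host *" and pin Ciphers/MACs in an OpenSSH client config.
set_ssh_client_algos() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1          # back up first
    tmp=$(mktemp) || return 1
    sed -e 's/^#[[:space:]]*Host[[:space:]][[:space:]]*\*[[:space:]]*$/Host */' \
        -e "s/^#*[[:space:]]*Ciphers[[:space:]].*/    Ciphers $CIPHERS/" \
        -e "s/^#*[[:space:]]*MACs[[:space:]].*/    MACs $MACS/" \
        "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Refuse to install the result unless all three lines are now active.
    for want in 'Host *' "    Ciphers $CIPHERS" "    MACs $MACS"; do
        if ! grep -qxF -- "$want" "$tmp"; then
            echo "template line missing, $cfg left unchanged: $want" >&2
            rm -f "$tmp"; return 1
        fi
    done
    cat "$tmp" > "$cfg"                          # keeps owner and mode
    rm -f "$tmp"
}

# Print only the uncommented Ciphers/MACs settings of a config file.
active_algos() {
    awk '$1 == "Ciphers" || $1 == "MACs" { print $1, $2 }' "$1"
}

# Constructed sample shaped like a stock commented-out template (not PI's file).
demo=$(mktemp -d)
cat > "$demo/ssh_config" <<'EOF'
# Host *
#   ForwardAgent no
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,hmac-ripemd160
EOF
set_ssh_client_algos "$demo/ssh_config" && active_algos "$demo/ssh_config"
```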

Thanks! That'll help other folks for sure.
