cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

431
Views
5
Helpful
5
Replies
Beginner

PI 2.1 Change SSH encryption / hash?

Is there any way to change the SSH2 encryption and hash settings PI 2.1 uses to connect to it's managed devices? Right now it is using AES-128 and MD5, but I would like to change it to AES-256 and SHA1.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Guru

It's not exposed in the GUI

It's not exposed in the GUI nor the PI configuration file.

If you drop down into the root shell you will see that PI uses sshd OpenSSH daemon.

It would be an unsupported change, but you might try modifying the sshd_conf file to specify the desired ciphers and hash. Be sure to backup first!

View solution in original post

5 REPLIES 5
Hall of Fame Guru

It's not exposed in the GUI

It's not exposed in the GUI nor the PI configuration file.

If you drop down into the root shell you will see that PI uses sshd OpenSSH daemon.

It would be an unsupported change, but you might try modifying the sshd_conf file to specify the desired ciphers and hash. Be sure to backup first!

View solution in original post

Beginner

Thanks Marvin, modified the

Thanks Marvin, modified the /etc/ssh/ssh_config file making the necessary changes. Now PI uses SHA1. Hopefully no future patches get clobber because of this! haha

Hall of Fame Guru

You're welcome - I'm glad it

You're welcome - I'm glad it worked. I was going on a hunch. :)

Can you share your modified ssh_config file for other seekers to reference?

Beginner

I won't show my exact config

I won't show my exact config file, but I will post the details below.

 

Basically what I did was modified the "Host *" template uncommenting what configuration items I wanted to change. You can leave the other sections commented out and openssh will continue to use default for things you have not specified.

 

So step one is to uncomment Host *.

Uncomment Ciphers and MAC lines.

Change any order you prefer for the Ciphers and MAC lines.

 

Save the file an reboot the linux OS. I exited the shell and typed reload in the CLI to reboot the linux OS. My system took around 5 minutes to fully reboot and load PI into it's usable state.

Hall of Fame Guru

Thanks! That'll help other

Thanks! That'll help other folks for sure.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards