06-21-2021 10:50 AM - edited 06-21-2021 11:24 AM
Our new security policy needs us to have SSH login Key Exchange Algorithms to use only higher encryption like ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 and we need to disable other lower encryption exchanges.
Is there a way to find out what SSH login Key Exchange Algorithms are supported and only enable higher encryption like ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521? CSPC Version 2.8.
06-23-2021 01:04 PM
Hi rhallan,
CSPC 2.8.1.6 has the following ciphers enabled in the /etc/ssh/sshd_config file:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
You can remove the CBC ciphers and run service sshd restart.
For 2.9, the ciphers are chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-gcm@openssh.com, aes256-ctr, aes192-ctr, aes128-ctr.
Thank you
Regards,
Aishwarya Bhatnagar
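
The edit described in the answer above, together with a check of a KexAlgorithms line against the three ECDH names from the question, as an added example that is not part of the original thread or of Cisco's tooling. The names strip_cbc, kex_not_in_policy, KEX_POLICY and SAMPLE_CONFIG are hypothetical, the KexAlgorithms line in the sample is constructed, and it is an assumption that the appliance's sshd accepts a KexAlgorithms directive.

```shell
#!/bin/sh
# Added example (not from the thread). Function and variable names are hypothetical.

# Key exchange algorithms the policy in the question allows.
KEX_POLICY='ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521'

# Constructed sample: Ciphers line as quoted for CSPC 2.8.1.6, KexAlgorithms line made up.
SAMPLE_CONFIG='Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
KexAlgorithms ecdh-sha2-nistp256,diffie-hellman-group1-sha1,ecdh-sha2-nistp521'

# stdin: sshd_config text. stdout: same text with CBC entries removed from Ciphers.
# Exits non-zero instead of emitting an empty Ciphers line.
strip_cbc() {
    awk '
    tolower($1) == "ciphers" {
        list = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", list)    # drop the keyword itself
        gsub(/[ \t]/, "", list)                  # tolerate spaces after commas
        n = split(list, algs, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            if (algs[i] ~ /-cbc(@|$)/) continue  # aes128-cbc, 3des-cbc, ...
            out = out (out == "" ? "" : ",") algs[i]
        }
        if (out == "") exit 1
        print "Ciphers " out
        next
    }
    { print }'
}

# stdin: sshd_config text. stdout: each KexAlgorithms entry outside KEX_POLICY.
kex_not_in_policy() {
    awk -v allowed="$KEX_POLICY" '
    BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    tolower($1) == "kexalgorithms" {
        list = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", list)
        gsub(/[ \t]/, "", list)
        m = split(list, k, ",")
        for (i = 1; i <= m; i++) if (!(k[i] in ok)) print k[i]
    }'
}

printf '%s\n' "$SAMPLE_CONFIG" | strip_cbc          # rewritten config
printf '%s\n' "$SAMPLE_CONFIG" | kex_not_in_policy  # entries to remove
```

Running `sshd -t` against the edited file before `service sshd restart` catches a syntax error or an algorithm name the installed sshd does not recognise while the existing session is still open.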
06-21-2021 11:47 AM
Hi rhallan,
Hope you are doing well!
We are looking into the issue you posted. We will reach out to you soon with an update.
Thank you
Regards,
Aishwarya Bhatnagar