How to block weak ciphers and MACs in 6.2p2

Iain Morgan imorgan at nas.nasa.gov
Fri Dec 5 06:54:44 EST 2014


On Thu, Dec 04, 2014 at 11:55:15 +0530, Visweswara Rao Polisetti wrote:
> Hi,
> 
>      It seems in openssh 6.7, all the weak ciphers and MAC algorithms got
> deprecated. What is the best way to do the same for 6.2p2 version? Adding
> following entries in sshd_config file causing sshd process crash whenever
> the client tries to connect. So, could you please suggest any other methods
> to achieve the same?
> 
> # Secure Ciphers and MACs
> Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128
> MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160
> 

That sounds like a bug to me. Could you send sshd -ddd and ssh -vvv
output?

-- 
Iain Morgan


More information about the openssh-unix-dev mailing list