How to block weak ciphers and MACs in 6.2p2
Iain Morgan
imorgan at nas.nasa.gov
Fri Dec 5 06:54:44 EST 2014
On Thu, Dec 04, 2014 at 11:55:15 +0530, Visweswara Rao Polisetti wrote:
> Hi,
>
> It seems in openssh 6.7, all the weak ciphers and MAC algorithms got
> deprecated. What is the best way to do the same for 6.2p2 version? Adding
> following entries in sshd_config file causing sshd process crash whenever
> the client tries to connect. So, could you please suggest any other methods
> to achieve the same?
>
> # Secure Ciphers and MACs
> Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128
> MACs hmac-sha1,umac-64 at openssh.com,hmac-ripemd160
>
That sounds like a bug to me. Could you send sshd -ddd and ssh -vvv
output?
--
Iain Morgan
More information about the openssh-unix-dev
mailing list