[SOLVED] Adding Ciphers to /etc/ssh/ssh_config and confirming
The file /etc/ssh/ssh_config is the global configuration file for the clients.
In the client configuration file for the OpenSSH client, options are set based on first-match. The more specific definitions must come first and the more general defaults at the end. So check to make sure you added Ciphers in the right place, which should be at the beginning in order to apply to all connections.
Unsafe ciphers were removed in OpenSSH 7.2. So if you have that version of the client, the unsafe ciphers you are trying to add won't be recognized or available.
Then on the server, I doubt that new ciphers are supported by the old version of OpenSSH you are showing unless Red Hat has backported them. Check the change log, or get some mileage out of the support contract you are paying for.
I hope a newer version of the OpenSSH server is available for you in backports because that would be the way to go so that you can use safer ciphers on the server side of things and won't need to damage the client settings.
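The first-match rule described above can be modelled in a few lines. This is an added example, not part of any post in the thread and not OpenSSH code: the two sample configs and the host names are constructed, options are assumed to be whitespace-separated, and `Match` blocks are not handled.

```python
# Added example: simplified model of ssh_config first-match resolution.
from fnmatch import fnmatchcase

def host_matches(patterns, host):
    """True if host matches a Host line's pattern list; a '!' pattern vetoes."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatchcase(host, pat[1:]):
                return False
        elif fnmatchcase(host, pat):
            matched = True
    return matched

def resolve(config_text, host):
    """Return {option: value}, keeping the first value obtained per option."""
    result = {}
    active = True  # lines before the first Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif active:
            result.setdefault(key, value)  # later values never override
    return result

# Constructed sample: Ciphers appended at the end of the file. It lands
# inside the "Host *" block, after Ciphers has already been obtained.
APPENDED = """
Host *.internal.example
    Ciphers aes256-ctr
Host *
    Ciphers aes192-ctr
Ciphers aes128-ctr
"""

# Constructed sample: the same setting moved to the top of the file.
AT_TOP = "Ciphers aes128-ctr\n" + APPENDED

if __name__ == "__main__":
    for name, cfg in (("appended", APPENDED), ("at top", AT_TOP)):
        for h in ("db.internal.example", "other.example"):
            print(f"{name:9} {h:20} -> {resolve(cfg, h)['ciphers']}")
```

On a client with OpenSSH 6.8 or later, `ssh -G hostname` prints the configuration the real client resolves for that host, and `ssh -Q cipher` lists the ciphers the client binary supports.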
OpenSSH 6.7 was from 2014 so that should have been reflected in the late 2016 RHEL document.
OpenSSH 7.2 was from early 2016 so that should have also been in the RHEL document.
Get your money back from RHEL.
Upstream moved on. The unsafe MACs were removed in 6.7 and, I point out again, the unsafe ciphers removed in 7.2 and arcfour-* were mentioned explicitly.
Check the release notes, or the CVS change logs, too.
Well, I'm no Linux guru, however you got me curious as I really don't know a lot about the changelogs or go through them when facing an issue. I would like to get more into this habit.
I looked through the release notes for OpenSSH 4.3p2 and didn't see any mention of arcfour Ciphers that were supposed to be removed. However I do see it where you mention it on the openssh changelog along with the removal of CBC ciphers.
I looked through the changelog of openssh as well. I'm not going to post it as it goes all the way back to 27 Oct 1999. However RHEL5 was released sometime in 2007 and I started to look through the log there and don't see any mention of arch cipher nor cbc.