This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
d02a5074-1944-4
Explorer
‎2019-07-08 07:55 PM

SSH Cipher, SSH Hmac Version

Anyone can provide me the step of SSH Server Cipher and Hmac Version to change.

Thanks 

Win

0 Kudos
10 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2019-07-09 04:48 AM

Honestly - no comprendo señor, can you please detail what you want to achieve ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
d02a5074-1944-4
Explorer
‎2019-07-09 08:51 AM
In response to G_W_Albrecht

Hi G_W_Albrecht,

 

I mean, I want to change ssh cipher to strong encryption  example ( ciphers aes256-cbc) and also hmac want to do the same

Thanks,

Win

0 Kudos
Roman_Niewiado1
Contributor
‎2019-07-09 05:43 AM

To change SSH Ciphers you have to edit this file:

 

etc/ssh/sshd_config

 

regards

Roman

0 Kudos
d02a5074-1944-4
Explorer
‎2019-07-09 08:47 AM
In response to Roman_Niewiado1

Hi Roman_Niewiad01

 

Meaning we need to access with winscp and edit sshd_config file? How about cipher hmac file? 

0 Kudos
Maik
Advisor
‎2019-07-10 12:47 AM
In response to d02a5074-1944-4

Take a look at this thread.

It should explain the process to you 😉

0 Kudos
d02a5074-1944-4
Explorer
‎2019-07-16 06:19 PM
In response to Roman_Niewiado1

Hi Roman

 

I see brother. I found this on the checkpoint. 

# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

 

Cipher aes256-ctr

Are we able to change this? How about for Cipher 3des can change to higher version? 

 

Best Regards,

Win

 

0 Kudos
Roman_Niewiado1
Contributor
‎2019-07-17 01:52 AM
In response to d02a5074-1944-4

The last two lines in this files are the settings for the encryption.
If you are using R77.30 it could be, that the sshd is to old and the new settings don`t take affect.
0 Kudos
d02a5074-1944-4
Explorer
‎2019-07-17 03:32 AM
In response to Roman_Niewiado1

Hi Roman,

 

Nope we are using R80.10 

0 Kudos
Bryce_Myers
Collaborator
‎2019-07-18 08:00 AM
In response to d02a5074-1944-4

You just need to modify the lines in /etc/ssh/ssh_config and /etc/ssh/sshd_config and restart sshd to take effect.

 

 

0 Kudos
Bryce_Myers
Collaborator
‎2019-07-18 08:04 AM
In response to Bryce_Myers

In my /etc/ssh/sshd_config:
Ciphers aes256-ctr,aes128-ctr,aes192-ctr
MACs hmac-sha1

This will force other machines connecting via ssh to use those Cipers and MACs
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events