Re: SSH Cipher, SSH Hmac Version

d02a5074-1944-4 · ‎2019-07-08

Anyone can provide me the step of SSH Server Cipher and Hmac Version to change.

Thanks

Win

G_W_Albrecht · ‎2019-07-09

Honestly - no comprendo señor, can you please detail what you want to achieve ?

d02a5074-1944-4 · ‎2019-07-09

Hi G_W_Albrecht,

I mean, I want to change ssh cipher to strong encryption example ( ciphers aes256-cbc) and also hmac want to do the same

Thanks,

Win

Roman_Niewiado1 · ‎2019-07-09

To change SSH Ciphers you have to edit this file:

etc/ssh/sshd_config

regards

Roman

d02a5074-1944-4 · ‎2019-07-09

Hi Roman_Niewiad01

Meaning we need to access with winscp and edit sshd_config file? How about cipher hmac file?

Maik · ‎2019-07-10

Take a look at this thread.

It should explain the process to you 😉

d02a5074-1944-4 · ‎2019-07-16

Hi Roman

I see brother. I found this on the checkpoint.

# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

Cipher aes256-ctr

Are we able to change this? How about for Cipher 3des can change to higher version?

Best Regards,

Win

Roman_Niewiado1 · ‎2019-07-17

The last two lines in this files are the settings for the encryption.
If you are using R77.30 it could be, that the sshd is to old and the new settings don`t take affect.

d02a5074-1944-4 · ‎2019-07-17

Hi Roman,

Nope we are using R80.10

Bryce_Myers · ‎2019-07-18

You just need to modify the lines in /etc/ssh/ssh_config and /etc/ssh/sshd_config and restart sshd to take effect.

Bryce_Myers · ‎2019-07-18

In my /etc/ssh/sshd_config:
Ciphers aes256-ctr,aes128-ctr,aes192-ctr
MACs hmac-sha1

This will force other machines connecting via ssh to use those Cipers and MACs