This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
cvega-nrel
Explorer
‎2020-07-28 08:38 AM

SSH key exchange algorithms

We're needing to tighten up our SSH settings if possible.

These two lines have been set in /etc/ssh/sshd_config and are producing the expected results.

Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha1

However, trying to set the key exchange algorithms with this does not work:

KexAlgorithms diffie-hellman-group14-sha1

I've tried various combos; the actual goal is to disable this one, as it shows up as available: diffie-hellman-group-exchange-sha1

| ssh2-enum-algos:
| kex_algorithms: (2)
| diffie-hellman-group-exchange-sha1
| diffie-hellman-group14-sha1

Regardless, the result of trying to set KexAlgorithms in any way is:

Starting sshd: /etc/ssh/sshd_config: line 89: Bad configuration option: KexAlgorithms
/etc/ssh/sshd_config: terminating, 1 bad configuration options
[FAILED]

 

I thought CP uses standard OpenSSH, so in theory that option should work correct?

We're on R80.10 if that matters. Anyone have any ideas? Thanks!

0 Kudos
3 Replies
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events