Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
cvega-nrel
Explorer

SSH key exchange algorithms

We're needing to tighten up our SSH settings if possible.

These two lines have been set in /etc/ssh/sshd_config and are producing the expected results.

Ciphers aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha1

However, trying to set the key exchange algorithms with this does not work:

KexAlgorithms diffie-hellman-group14-sha1

I've tried various combos; the actual goal is to disable this one, as it shows up as available: diffie-hellman-group-exchange-sha1

| ssh2-enum-algos:
| kex_algorithms: (2)
| diffie-hellman-group-exchange-sha1
| diffie-hellman-group14-sha1

Regardless, the result of trying to set KexAlgorithms in any way is:

Starting sshd: /etc/ssh/sshd_config: line 89: Bad configuration option: KexAlgorithms
/etc/ssh/sshd_config: terminating, 1 bad configuration options
[FAILED]

 

I thought CP uses standard OpenSSH, so in theory that option should work correct?

We're on R80.10 if that matters. Anyone have any ideas? Thanks!

0 Kudos
3 Replies
This widget could not be displayed.