disallow specific ssh ciphers and/or MACS (white list approach)

Discussion in 'General Linux' started by kundai tinarwo, May 25, 2017.

  1. kundai tinarwo

    kundai tinarwo New Member

    Joined:
    May 25, 2017
    Messages:
    2
    Likes Received:
    0
    Hi people, I have a report detailing weak ssh ciphers on a system. How can I disallow these specific weak ciphers? The common solution which I am aware of is adding the following lines in sshd_config (which is a black list approach):

    Ciphers aes128-ctr,aes192-ctr,aes256-ctr
    MACs hmac-sha1,hmac-ripemd160



    The solution I am looking for is a config which in theory allows all ciphers and MACs except the weak ones (white list approach) as opposed to explicitly defining which ciphers to be allowed.
     
  2. Rob

    Rob Administrator
    Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    172
    Likes Received:
    469
    I like the answer you got on StackExchange: list the allowed ones in the sshd_config (white list), and you have the option of disallowing (blacklist) by putting - in front of them:

    (from https://security.stackexchange.com/...c-ssh-ciphers-and-or-macs-white-list-approach)
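
Added example, not part of the original thread: a simplified Python model of how OpenSSH resolves a `Ciphers` or `MACs` value, comparing an explicit allow list with removal via a leading `-`. The default list is a constructed sample and the function names are hypothetical; confirm the real effective lists on a host with `sshd -T`.

```python
from fnmatch import fnmatchcase

# Constructed sample of a server's default cipher list. Real defaults vary by
# OpenSSH version, which is why the effective list should be checked per host.
SAMPLE_DEFAULT_CIPHERS = [
    "chacha20-poly1305@openssh.com",
    "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
    "aes128-cbc", "aes192-cbc", "aes256-cbc", "3des-cbc",
]


def resolve_algorithms(value, defaults):
    """Effective list for a Ciphers/MACs value (simplified model, hypothetical helper).

    "-a,b"  removes matching names (wildcards allowed) from the defaults
    "+a,b"  appends names to the defaults
    "a,b"   replaces the defaults with exactly this list
    """
    value = value.strip()
    if value.startswith("-"):
        patterns = [p for p in value[1:].split(",") if p]
        return [a for a in defaults
                if not any(fnmatchcase(a, p) for p in patterns)]
    if value.startswith("+"):
        extra = [a for a in value[1:].split(",") if a and a not in defaults]
        return list(defaults) + extra
    return [a for a in value.split(",") if a]


def still_enabled(effective, weak_patterns):
    """Algorithms in the effective list that match any weak pattern."""
    return [a for a in effective
            if any(fnmatchcase(a, p) for p in weak_patterns)]


if __name__ == "__main__":
    weak = ["*-cbc"]  # constructed example of what a scan report might flag
    for value in ("aes128-ctr,aes192-ctr,aes256-ctr",  # explicit allow list
                  "-3des-cbc,aes128-cbc",              # removes only named ones
                  "-*-cbc"):                           # removes by wildcard
        effective = resolve_algorithms(value, SAMPLE_DEFAULT_CIPHERS)
        print(f"Ciphers {value}")
        print("  effective:", ",".join(effective))
        print("  weak still enabled:", still_enabled(effective, weak) or "none")
```

Removing only the names from a report leaves any weak algorithm the report did not list, while an explicit list fixes the set regardless of what a later OpenSSH version adds to the defaults.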
     
  3. kundai tinarwo

    kundai tinarwo New Member

    Joined:
    May 25, 2017
    Messages:
    2
    Likes Received:
    0
    Oww okay cool, thanks a lot
     
