Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Disabling CBC Cipher mode causes login problems
Top Forums UNIX for Advanced & Expert Users Disabling CBC Cipher mode causes login problems Post 303034848 by Neo on Wednesday 8th of May 2019 05:23:13 AM
Old 05-08-2019
According to the sshd_config man page (ubuntu):


Code:
 Ciphers
             Specifies the ciphers allowed.  Multiple ciphers must be comma-separated.  If the
             specified value begins with a ‘+' character, then the specified ciphers will be
             appended to the default set instead of replacing them.

             The supported ciphers are:

                   3des-cbc
                   aes128-cbc
                   aes192-cbc
                   aes256-cbc
                   aes128-ctr
                   aes192-ctr
                   aes256-ctr
                   aes128-gcm@openssh.com
                   aes256-gcm@openssh.com
                   arcfour
                   arcfour128
                   arcfour256
                   blowfish-cbc
                   cast128-cbc
                   chacha20-poly1305@openssh.com

             The default is:

                   chacha20-poly1305@openssh.com,
                   aes128-ctr,aes192-ctr,aes256-ctr,
                   aes128-gcm@openssh.com,aes256-gcm@openssh.com

             The list of available ciphers may also be obtained using the -Q option of ssh(1)
             with an argument of “cipher”¯.

 

9 More Discussions You Might Find Interesting

1. SCO

Disabling root login

Hy, Coud someone tell me how to disable root login via terminal (only from console should be allowed). There is no ssh installed, only telnet. I created a user which will have permission to su to root, but now i don't know where and what to modify to disable root login? SCO OpenServer 5 ... (1 Reply)
Discussion started by: veccinho
1 Replies

2. AIX

Problems with disabling remote root login

Hello! I'm going through security checklist for AIX 5.3 and i just can't disable remote login for root through ssh. What i did: - in /etc/security/user i added a line: rlogin = false which works fine when i try to login through telnet - after installation of openSSH i edited... (3 Replies)
Discussion started by: veccinho
3 Replies

3. AIX

disabling telnet login for root only

Hi, I want to disable telnet login for root only so that other users can telnet? Regards, Manoj (8 Replies)
Discussion started by: manoj.solaris
8 Replies

4. OS X (Apple)

Script Implementation for Disabling Re-Opening Previous Login

Ok guys, I'm just getting back to this amongst several other projects, but I thought I'd re-address it. I'm creating the script to disable windows from the previous login under 10.7. In order to do this it seems I need to create the same script for applications that launch and create the... (6 Replies)
Discussion started by: unimachead
6 Replies

5. Ubuntu

Login Problems when the system is grub mode

Hi Experts, I am using ubuntu.When i am trying to login it is showing grub ..How i can overcome to this problem..Pls reply me ASAP.. Thanks, Sree (1 Reply)
Discussion started by: sree vasu
1 Replies

6. Solaris

Console-login in maintainance mode

I have a v490 server running Solaris 10. Everytime I reboot this machine, the console-login service goes to maintainance mode and I have to provide the root password. All the other dependencies are running fine and nothing there in the logs too. To bring it online, I have to enable it manually. ... (1 Reply)
Discussion started by: aksijain
1 Replies

7. Debian

Disabling emergency and init mode

Hello all friends I recently disable runlevel 1 i want to know , is there any way to disable emergency mode and init mode init mode means if any user pass kernel parameter at grub i.e init=/bin/bash then bash shell appears I want to disable it for security purpose System = Debian 6... (4 Replies)
Discussion started by: rink
4 Replies

8. Linux

Not able to login in graphical mode

Hi Guys After installing my CentOS in virtual machine i am not able to get the graphical mode. By default it is going in TUI mode. Please help how to get the graphical mode by default. I am already in init 5..... Thanks...:wall: (1 Reply)
Discussion started by: deviltech
1 Replies

9. Solaris

Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm

Hi All Is any one know how to diable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm in solaris 10. Regards (4 Replies)
Discussion started by: amity
4 Replies

LEARN ABOUT NETBSD

openssl_genrsa

GENRSA(1)							      OpenSSL								 GENRSA(1)

NAME

       genrsa - generate an RSA private key

LIBRARY

       libcrypto, -lcrypto

SYNOPSIS

       openssl genrsa [-out filename] [-passout arg] [-aes128] [-aes128] [-aes192] [-aes256] [-camellia128] [-camellia192] [-camellia256]
       [-aes192] [-aes256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3] [-idea] [-f4] [-3] [-rand file(s)] [-engine id] [numbits]

DESCRIPTION

       The genrsa command generates an RSA private key.

OPTIONS

       -out filename
	   the output filename. If this argument is not specified then standard output is used.

       -passout arg
	   the output file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

       -aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea
	   These options encrypt the private key with specified cipher before outputting it. If none of these options is specified no encryption
	   is used. If encryption is used a pass phrase is prompted for if it is not supplied via the -passout argument.

       -F4|-3
	   the public exponent to use, either 65537 or 3. The default is 65537.

       -rand file(s)
	   a file or files containing random data used to seed the random number generator, or an EGD socket (see RAND_egd(3)).  Multiple files
	   can be specified separated by a OS-dependent character.  The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

       -engine id
	   specifying an engine (by its unique id string) will cause genrsa to attempt to obtain a functional reference to the specified engine,
	   thus initialising it if needed. The engine will then be set as the default for all available algorithms.

       numbits
	   the size of the private key to generate in bits. This must be the last option specified. The default is 512.

NOTES

       RSA private key generation essentially involves the generation of two prime numbers. When generating a private key various symbols will be
       output to indicate the progress of the generation. A . represents each number which has passed an initial sieve test, + means a number has
       passed a single round of the Miller-Rabin primality test. A newline means that the number has passed all the prime tests (the actual number
       depends on the key size).

       Because key generation is a random process the time taken to generate a key may vary somewhat.

BUGS

       A quirk of the prime generation algorithm is that it cannot generate small primes. Therefore the number of bits should not be less that 64.
       For typical private keys this will not matter because for security reasons they will be much larger (typically 1024 bits).

SEE ALSO

       openssl_gendsa(1)

1.0.1i								    2014-08-10								 GENRSA(1)
All times are GMT -4. The time now is 02:28 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy