Disabling CBC Cipher mode causes login problems Post: 303034848

Sponsored Content

Top Forums UNIX for Advanced & Expert Users Disabling CBC Cipher mode causes login problems Post 303034848 by Neo on Wednesday 8th of May 2019 05:23:13 AM

05-08-2019

Administrator

According to the sshd_config man page (ubuntu):

Code:

 Ciphers
             Specifies the ciphers allowed.  Multiple ciphers must be comma-separated.  If the
             specified value begins with a �+' character, then the specified ciphers will be
             appended to the default set instead of replacing them.

             The supported ciphers are:

                   3des-cbc
                   aes128-cbc
                   aes192-cbc
                   aes256-cbc
                   aes128-ctr
                   aes192-ctr
                   aes256-ctr
                   aes128-gcm@openssh.com
                   aes256-gcm@openssh.com
                   arcfour
                   arcfour128
                   arcfour256
                   blowfish-cbc
                   cast128-cbc
                   chacha20-poly1305@openssh.com

             The default is:

                   chacha20-poly1305@openssh.com,
                   aes128-ctr,aes192-ctr,aes256-ctr,
                   aes128-gcm@openssh.com,aes256-gcm@openssh.com

             The list of available ciphers may also be obtained using the -Q option of ssh(1)
             with an argument of �cipher��.

Neo

View Public Profile for Neo

Visit Neo's homepage!

Find all posts by Neo

9 More Discussions You Might Find Interesting

1. SCO

Disabling root login

Hy, Coud someone tell me how to disable root login via terminal (only from console should be allowed). There is no ssh installed, only telnet. I created a user which will have permission to su to root, but now i don't know where and what to modify to disable root login? SCO OpenServer 5 ...

2. AIX

Problems with disabling remote root login

Hello! I'm going through security checklist for AIX 5.3 and i just can't disable remote login for root through ssh. What i did: - in /etc/security/user i added a line: rlogin = false which works fine when i try to login through telnet - after installation of openSSH i edited...

3. AIX

disabling telnet login for root only

Hi, I want to disable telnet login for root only so that other users can telnet? Regards, Manoj

4. OS X (Apple)

Script Implementation for Disabling Re-Opening Previous Login

Ok guys, I'm just getting back to this amongst several other projects, but I thought I'd re-address it. I'm creating the script to disable windows from the previous login under 10.7. In order to do this it seems I need to create the same script for applications that launch and create the...

5. Ubuntu

Login Problems when the system is grub mode

Hi Experts, I am using ubuntu.When i am trying to login it is showing grub ..How i can overcome to this problem..Pls reply me ASAP.. Thanks, Sree

6. Solaris

Console-login in maintainance mode

I have a v490 server running Solaris 10. Everytime I reboot this machine, the console-login service goes to maintainance mode and I have to provide the root password. All the other dependencies are running fine and nothing there in the logs too. To bring it online, I have to enable it manually. ...

7. Debian

Disabling emergency and init mode

Hello all friends I recently disable runlevel 1 i want to know , is there any way to disable emergency mode and init mode init mode means if any user pass kernel parameter at grub i.e init=/bin/bash then bash shell appears I want to disable it for security purpose System = Debian 6...

8. Linux

Not able to login in graphical mode

Hi Guys After installing my CentOS in virtual machine i am not able to get the graphical mode. By default it is going in TUI mode. Please help how to get the graphical mode by default. I am already in init 5..... Thanks...:wall:

9. Solaris

Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm

Hi All Is any one know how to diable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm in solaris 10. Regards

LEARN ABOUT NETBSD

openssl_gendsa

GENDSA(1)							      OpenSSL								 GENDSA(1)

NAME

       gendsa - generate a DSA private key from a set of parameters

LIBRARY

       libcrypto, -lcrypto

SYNOPSIS

       openssl gendsa [-out filename] [-aes128] [-aes192] [-aes256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3] [-idea] [-rand
       file(s)] [-engine id] [paramfile]

DESCRIPTION

       The gendsa command generates a DSA private key from a DSA parameter file (which will be typically generated by the openssl dsaparam
       command).

OPTIONS

       -aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea
	   These options encrypt the private key with specified cipher before outputting it. A pass phrase is prompted for.  If none of these
	   options is specified no encryption is used.

       -rand file(s)
	   a file or files containing random data used to seed the random number generator, or an EGD socket (see RAND_egd(3)).  Multiple files
	   can be specified separated by a OS-dependent character.  The separator is ; for MS-Windows, , for OpenVMS, and : for all others.

       -engine id
	   specifying an engine (by its unique id string) will cause gendsa to attempt to obtain a functional reference to the specified engine,
	   thus initialising it if needed. The engine will then be set as the default for all available algorithms.

       paramfile
	   This option specifies the DSA parameter file to use. The parameters in this file determine the size of the private key. DSA parameters
	   can be generated and examined using the openssl dsaparam command.

NOTES

       DSA key generation is little more than random number generation so it is much quicker that RSA key generation for example.

SEE ALSO

       openssl_dsaparam(1), openssl_dsa(1), openssl_genrsa(1), openssl_rsa(1)

1.0.1i								    2014-08-10								 GENDSA(1)