Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Disabling CBC Cipher mode causes login problems
Top Forums UNIX for Advanced & Expert Users Disabling CBC Cipher mode causes login problems Post 303034852 by Neo on Wednesday 8th of May 2019 06:00:52 AM
Old 05-08-2019
OBTW did you try this?

To disable CBC mode ciphers and weak MAC algorithms (MD5 and -96), add the following lines into the /etc/ssh/sshd_config file.

Code:
 Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128
 MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160

Then (on linux)

Code:
 service sshd restart

 

9 More Discussions You Might Find Interesting

1. SCO

Disabling root login

Hy, Coud someone tell me how to disable root login via terminal (only from console should be allowed). There is no ssh installed, only telnet. I created a user which will have permission to su to root, but now i don't know where and what to modify to disable root login? SCO OpenServer 5 ... (1 Reply)
Discussion started by: veccinho
1 Replies

2. AIX

Problems with disabling remote root login

Hello! I'm going through security checklist for AIX 5.3 and i just can't disable remote login for root through ssh. What i did: - in /etc/security/user i added a line: rlogin = false which works fine when i try to login through telnet - after installation of openSSH i edited... (3 Replies)
Discussion started by: veccinho
3 Replies

3. AIX

disabling telnet login for root only

Hi, I want to disable telnet login for root only so that other users can telnet? Regards, Manoj (8 Replies)
Discussion started by: manoj.solaris
8 Replies

4. OS X (Apple)

Script Implementation for Disabling Re-Opening Previous Login

Ok guys, I'm just getting back to this amongst several other projects, but I thought I'd re-address it. I'm creating the script to disable windows from the previous login under 10.7. In order to do this it seems I need to create the same script for applications that launch and create the... (6 Replies)
Discussion started by: unimachead
6 Replies

5. Ubuntu

Login Problems when the system is grub mode

Hi Experts, I am using ubuntu.When i am trying to login it is showing grub ..How i can overcome to this problem..Pls reply me ASAP.. Thanks, Sree (1 Reply)
Discussion started by: sree vasu
1 Replies

6. Solaris

Console-login in maintainance mode

I have a v490 server running Solaris 10. Everytime I reboot this machine, the console-login service goes to maintainance mode and I have to provide the root password. All the other dependencies are running fine and nothing there in the logs too. To bring it online, I have to enable it manually. ... (1 Reply)
Discussion started by: aksijain
1 Replies

7. Debian

Disabling emergency and init mode

Hello all friends I recently disable runlevel 1 i want to know , is there any way to disable emergency mode and init mode init mode means if any user pass kernel parameter at grub i.e init=/bin/bash then bash shell appears I want to disable it for security purpose System = Debian 6... (4 Replies)
Discussion started by: rink
4 Replies

8. Linux

Not able to login in graphical mode

Hi Guys After installing my CentOS in virtual machine i am not able to get the graphical mode. By default it is going in TUI mode. Please help how to get the graphical mode by default. I am already in init 5..... Thanks...:wall: (1 Reply)
Discussion started by: deviltech
1 Replies

9. Solaris

Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm

Hi All Is any one know how to diable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm in solaris 10. Regards (4 Replies)
Discussion started by: amity
4 Replies

LEARN ABOUT PLAN9

blowfish

blowfish(n)						       Blowfish Block Cipher						       blowfish(n)

__________________________________________________________________________________________________________________________________________________

NAME

       blowfish - Implementation of the Blowfish block cipher

SYNOPSIS

       package require Tcl  8.4

       package require blowfish  ?1.0.4?

       ::blowfish::blowfish ?-mode [ecb|cbc]? ?-dir [encrypt|decrypt]? -key keydata ?-iv vector? ?-out channel? ?-chunksize size? ?-pad padchar? [
       -in channel | ?--? data ]

       ::blowfish::Init mode keydata iv

       ::blowfish::Encrypt Key data

       ::blowfish::Decrypt Key data

       ::blowfish::Reset Key iv

       ::blowfish::Final Key

_________________________________________________________________

DESCRIPTION

       This package is an implementation in Tcl of the Blowfish algorithm developed by Bruce Schneier [1].  Blowfish  is  a  64-bit  block  cipher
       designed  to  operate  quickly  on  32 bit architectures and accepting a variable key length. This implementation supports ECB and CBC mode
       blowfish encryption.

COMMANDS

       ::blowfish::blowfish ?-mode [ecb|cbc]? ?-dir [encrypt|decrypt]? -key keydata ?-iv vector? ?-out channel? ?-chunksize size? ?-pad padchar? [
       -in channel | ?--? data ]
	      Perform  the  blowfish  algorithm  on  either the data provided by the argument or on the data read from the -in channel. If an -out
	      channel is given then the result will be written to this channel.

	      The -key option must be given. This parameter takes a binary string of variable length and is used  to  generate	the  blowfish  key
	      schedule.  You  should  be aware that creating a key schedule is quite an expensive operation in blowfish so it is worth reusing the
	      key where possible. See Reset.

	      The -mode and -dir options are optional and default to cbc mode and encrypt respectively. The initialization vector -iv takes  an  8
	      byte binary argument which defaults to 8 zeros.  See MODES OF OPERATION for more about available modes and their uses.

	      Blowfish	is  a 64-bit block cipher. This means that the data must be provided in units that are a multiple of 8 bytes. The blowfish
	      command will by default add nul characters to pad the input data to a multiple of 8 bytes if necessary. The programming api commands
	      will never add padding and instead will raise an error if the input is not a multiple of the block size. The -pad option can be used
	      to change the padding character or to disable padding if the empty string is provided as the argument.

PROGRAMMING INTERFACE

       ::blowfish::Init mode keydata iv
	      Construct a new blowfish key schedule using the specified key data and the given initialization vector. The initialization vector is
	      not used with ECB mode but is important for CBC mode.  See MODES OF OPERATION for details about cipher modes.

       ::blowfish::Encrypt Key data
	      Use  a prepared key acquired by calling Init to encrypt the provided data. The data argument should be a binary array that is a mul-
	      tiple of the block size of 8 bytes. The result is a binary array the same size as the input of encrypted data.

       ::blowfish::Decrypt Key data
	      Decipher data using the key. Note that the same key may be used to encrypt and decrypt data provided that the initialization  vector
	      is reset appropriately for CBC mode.

       ::blowfish::Reset Key iv
	      Reset  the  initialization  vector. This permits the programmer to re-use a key and avoid the cost of re-generating the key schedule
	      where the same key data is being used multiple times.

       ::blowfish::Final Key
	      This should be called to clean up resources associated with Key.	Once this function has been called the key may not be used again.

MODES OF OPERATION

       Electronic Code Book (ECB)
	      ECB is the basic mode of all block ciphers. Each block is encrypted independently and so identical plain text will produce identical
	      output  when  encrypted with the same key. Any encryption errors will only affect a single block however this is vulnerable to known
	      plaintext attacks.

       Cipher Block Chaining (CBC)
	      CBC mode uses the output of the last block encryption to affect the current block. An initialization vector of the same size as  the
	      cipher  block  size  is  used  to handle the first block. The initialization vector should be chosen randomly and transmitted as the
	      first block of the output. Errors in encryption affect the current block and the next block after  which	the  cipher  will  correct
	      itself. CBC is the most commonly used mode in software encryption.

EXAMPLES

       % blowfish::blowfish -hex -mode ecb -dir encrypt -key secret01 "hello, world!"
       d0d8f27e7a374b9e2dbd9938dd04195a

	set Key [blowfish::Init cbc $eight_bytes_key_data $eight_byte_iv]
	append ciphertext [blowfish::Encrypt $Key $plaintext]
	append ciphertext [blowfish::Encrypt $Key $additional_plaintext]
	blowfish::Final $Key

REFERENCES

       [1]    Schneier, B. "Applied Cryptography, 2nd edition", 1996, ISBN 0-471-11709-9, pub. John Wiley & Sons.

AUTHORS

       Frank Pilhofer, Pat Thoyts

BUGS, IDEAS, FEEDBACK
       This document, and the package it describes, will undoubtedly contain bugs and other problems.  Please report such in the category blowfish
       of the Tcllib SF Trackers [http://sourceforge.net/tracker/?group_id=12883].  Please also report any ideas for enhancements you may have for
       either package and/or documentation.

SEE ALSO

       3des, des, rc4

KEYWORDS

       block cipher, blowfish, cryptography, encryption, security

COPYRIGHT

       Copyright (c) 2003, Pat Thoyts <patthoyts@users.sourceforge.net>

blowfish							       1.0.3							       blowfish(n)
All times are GMT -4. The time now is 05:50 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy