Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Disabling CBC Cipher mode causes login problems
Top Forums UNIX for Advanced & Expert Users Disabling CBC Cipher mode causes login problems Post 303034852 by Neo on Wednesday 8th of May 2019 06:00:52 AM
Old 05-08-2019
OBTW did you try this?

To disable CBC mode ciphers and weak MAC algorithms (MD5 and -96), add the following lines into the /etc/ssh/sshd_config file.

Code:
 Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128
 MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160

Then (on linux)

Code:
 service sshd restart

 

9 More Discussions You Might Find Interesting

1. SCO

Disabling root login

Hy, Coud someone tell me how to disable root login via terminal (only from console should be allowed). There is no ssh installed, only telnet. I created a user which will have permission to su to root, but now i don't know where and what to modify to disable root login? SCO OpenServer 5 ... (1 Reply)
Discussion started by: veccinho
1 Replies

2. AIX

Problems with disabling remote root login

Hello! I'm going through security checklist for AIX 5.3 and i just can't disable remote login for root through ssh. What i did: - in /etc/security/user i added a line: rlogin = false which works fine when i try to login through telnet - after installation of openSSH i edited... (3 Replies)
Discussion started by: veccinho
3 Replies

3. AIX

disabling telnet login for root only

Hi, I want to disable telnet login for root only so that other users can telnet? Regards, Manoj (8 Replies)
Discussion started by: manoj.solaris
8 Replies

4. OS X (Apple)

Script Implementation for Disabling Re-Opening Previous Login

Ok guys, I'm just getting back to this amongst several other projects, but I thought I'd re-address it. I'm creating the script to disable windows from the previous login under 10.7. In order to do this it seems I need to create the same script for applications that launch and create the... (6 Replies)
Discussion started by: unimachead
6 Replies

5. Ubuntu

Login Problems when the system is grub mode

Hi Experts, I am using ubuntu.When i am trying to login it is showing grub ..How i can overcome to this problem..Pls reply me ASAP.. Thanks, Sree (1 Reply)
Discussion started by: sree vasu
1 Replies

6. Solaris

Console-login in maintainance mode

I have a v490 server running Solaris 10. Everytime I reboot this machine, the console-login service goes to maintainance mode and I have to provide the root password. All the other dependencies are running fine and nothing there in the logs too. To bring it online, I have to enable it manually. ... (1 Reply)
Discussion started by: aksijain
1 Replies

7. Debian

Disabling emergency and init mode

Hello all friends I recently disable runlevel 1 i want to know , is there any way to disable emergency mode and init mode init mode means if any user pass kernel parameter at grub i.e init=/bin/bash then bash shell appears I want to disable it for security purpose System = Debian 6... (4 Replies)
Discussion started by: rink
4 Replies

8. Linux

Not able to login in graphical mode

Hi Guys After installing my CentOS in virtual machine i am not able to get the graphical mode. By default it is going in TUI mode. Please help how to get the graphical mode by default. I am already in init 5..... Thanks...:wall: (1 Reply)
Discussion started by: deviltech
1 Replies

9. Solaris

Need to disable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm

Hi All Is any one know how to diable CBC mode cipher encryption along with MD5 & 96 bit MAC algorithm in solaris 10. Regards (4 Replies)
Discussion started by: amity
4 Replies

LEARN ABOUT DEBIAN

convert::pem::cbc

Convert::PEM::CBC(3pm)					User Contributed Perl Documentation				    Convert::PEM::CBC(3pm)

NAME

       Convert::PEM::CBC - Cipher Block Chaining Mode implementation

SYNOPSIS

	   use Convert::PEM::CBC;
	   my $cbc = Convert::PEM::CBC->new(
				Cipher	   => 'Crypt::DES_EDE3',
				Passphrase => 'foo'
		  );

	   my $plaintext = 'foo bar baz';
	   $cbc->encrypt($plaintext);

DESCRIPTION

       Convert::PEM::CBC implements the CBC (Cipher Block Chaining) mode for encryption/decryption ciphers; the CBC is designed for compatability
       with OpenSSL and may not be compatible with other implementations (such as SSH).

USAGE

   $cbc = Convert::PEM::CBC->new(%args)
       Creates a new Convert::PEM::CBC object and initializes it.  Returns the new object.

       %args can contain:

       o   Cipher

	   Either the name of an encryption cipher class (eg. Crypt::DES), or an object already blessed into such a class. The class must support
	   the keysize, blocksize, encrypt, and decrypt methods. If the value is a blessed object, it is assumed that the object has already been
	   initialized with a key.

	   This argument is mandatory.

       o   Passphrase

	   A passphrase to encrypt/decrypt the content. This is different in implementation from a key (Key), because it is assumed that a
	   passphrase comes directly from a user, and must be munged into the correct form for a key. This "munging" is done by repeatedly
	   computing an MD5 hash of the passphrase, the IV, and the existing hash, until the generated key is longer than the keysize for the
	   cipher (Cipher).

	   Because of this "munging", this argument can be any length (even an empty string).

	   If you give the Cipher argument an object, this argument is ignored. If the Cipher argument is a cipher class, either this argument or
	   Key must be provided.

       o   Key

	   A raw key, to be passed directly to the new cipher object. Because this is passed directly to the cipher itself, the length of the key
	   must be equal to or greater than the keysize for the Cipher.

	   As with the Passphrase argument, if you give the Cipher argument an already-constructed cipher object, this argument is ignored. If the
	   Cipher argument is a cipher class, either this argument or Passphrase must be provided.

       o   IV

	   The initialization vector for CBC mode.

	   This argument is optional; if not provided, a random IV will be generated. Obviously, if you're decrypting data, you should provide
	   this argument, because your IV should match the IV used to encrypt the data.

   $cbc->encrypt($plaintext)
       Encrypts the plaintext $plaintext using the underlying cipher implementation in CBC mode, and returns the ciphertext.

       If any errors occur, returns undef, and you should check the errstr method to find out what went wrong.

   $cbc->decrypt($ciphertext)
       Decrypts the ciphertext $ciphertext using the underlying cipher implementation in CBC mode, and returns the plaintext.

       If any errors occur, returns undef, and you should check the errstr method to find out what went wrong.

   $cbc->iv
       Returns the current initialization vector. One use for this might be to grab the initial value of the IV if it's created randomly (ie.  you
       haven't provided an IV argument to new):

	   my $cbc = Convert::PEM::CBC->new( Cipher => $cipher );
	   my $iv = $cbc->iv;	## Generated randomly in 'new'.

       Convert::PEM uses this to write the IV to the PEM file when encrypting, so that it can be known when trying to decrypt the file.

   $cbc->errstr
       Returns the value of the last error that occurred. This should only be considered meaningful when you've received undef from one of the
       functions above; in all other cases its relevance is undefined.

AUTHOR &; COPYRIGHTS
       Please see the Convert::PEM manpage for author, copyright, and license information.

perl v5.10.1							    2010-12-07						    Convert::PEM::CBC(3pm)
All times are GMT -4. The time now is 06:10 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy