Re: more openssh trouble?
markus reichelt wrote:
> Hi,
>
> http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
>
> how does one switch from CBC mode to CTR mode?
>From sshd_config(5)-
Ciphers
Specifies the ciphers allowed for protocol version 2. Multiple
ciphers must be comma-separated. The supported ciphers are
``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', ``arcfour128'',
``arcfour256'', ``arcfour'', ``blowfish-cbc'', and
``cast128-cbc''. The default is:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
aes192-ctr,aes256-ctr
So, get rid of cbc to ctr in your sshd_config file (typically found in /etc/ssh/).
Reply to: