Re: more openssh trouble?

To: debian-user@lists.debian.org
Subject: Re: more openssh trouble?
From: en0f <en0f@bokey.mine.nu>
Date: Wed, 19 Nov 2008 06:08:50 +1030
Message-id: <[🔎] 492319CA.5080807@bokey.mine.nu>
Reply-to: en0f@bokey.mine.nu
In-reply-to: <[🔎] 20081118174156.GE4390@tatooine.rebelbase.local>
References: <[🔎] 20081118174156.GE4390@tatooine.rebelbase.local>

markus reichelt wrote:
> Hi,
> 
> http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
> 
> how does one switch from CBC mode to CTR mode?

>From sshd_config(5)-

Ciphers
             Specifies the ciphers allowed for protocol version 2.  Multiple
             ciphers must be comma-separated.  The supported ciphers are
             ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
             ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', ``arcfour128'',
             ``arcfour256'', ``arcfour'', ``blowfish-cbc'', and
             ``cast128-cbc''.  The default is:

                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
                arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
                aes192-ctr,aes256-ctr


So, get rid of cbc to ctr in your sshd_config file (typically found in /etc/ssh/).

Reply to:

References:
- more openssh trouble?
  - From: markus reichelt <ml@mareichelt.de>

Prev by Date: Re: bug advice
Next by Date: Re: problems during debian installation
Previous by thread: more openssh trouble?
Next by thread: bug advice
Index(es):
- Date
- Thread