Ssh Ciphers

From UVOO Tech Wiki
Revision as of 22:50, 18 February 2022 by Busk (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

https://www.thegeekdiary.com/how-to-disable-weak-cipher-and-insecure-hmac-algorithms-in-ssh-services-in-centos-rhel-8/ 

ssh -Q kex host.example.com
ssh -Q cipher host.example.com

You can manually try ciphers and then end up using something like sftp -c aes256-cbc -oKexAlgorithms=diffie-hellman-group14-sha1host.example.com but it's better to just update server to support newer ciphers. 

sudo sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"
Raw
 sshd -T shows full SSHD config file 
Also you could try nmap as well:

Raw
nmap -vv --script=ssh2-enum-algos.nse localhost
Or another:

Raw
 gnutls-cli -l
Or:

Raw
ssh -Q mac
Raw
ssh –vv Servername ciphers listed
ssh –Q kex
ssh -Q cipher
 ssh -Q cipher-auth
  ssh -Q mac
  ssh -Q kex
  ssh -Q key
Retrieved from "https://tech.uvoo.io/index.php?title=Ssh_Ciphers&oldid=2731"