[CentOS] SSH Weak Ciphers

Wed Oct 19 17:14:25 UTC 2016
Leon Fauster <leonfauster at googlemail.com>

Am 19.10.2016 um 17:05 schrieb Chris Adams <linux at cmadams.net>:
> Once upon a time, Erik Laxdal <elaxdal at ece.uvic.ca> said:
>> The supported KexAlgorithms, Ciphers, and MACs are generally listed
>> in the sshd_config man page.  So 'man sshd_config' then look for the
>> section of the item of interest.
> 
> Note that the man page does not always match the actual compiled binary
> (the build process does not update the man page to match configuration).

That was my assumption.


> The best way is to run "ssh -Q cipher" (as mentioned in the ssh_config
> and sshd_config man pages under Ciphers).


Great! For

# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

# echo cipher  cipher-auth  mac  kex  key |xargs -n1 ssh -Q

shows all informations.

Unfortunately that applies only to EL7. ssh's version of EL{5,6} doesn't have the Q switch. 

--
LF