[CentOS] CentOS8 and crypto-policies

Fri Oct 4 07:49:09 UTC 2019
Todor Petkov <petkovptodor at gmail.com>


I started playing with CentOS8 and I am trying to set default crypto
policies for openssh server/client. In CentOS7 I followed the guide
from https://infosec.mozilla.org/guidelines/openssh.html and set
KexAlgorithms /Ciphers/MACs in sshd_config.

In CentOS8 I can edit
/usr/share/crypto-policies/$POLICY/opensshserver.txt for the sshd
arguments, but editing openssh.txt or even changing default crypto
policy to FIPS seems to not affect the client options (ssh -Q mac)

Is the client supposed to be affected by these policies or they are
only for the server?