Linux SSH Config: Removing ciphers and MACs

Hi, I need to remove CBC ciphers and the following MACs...
 - hmac-md5
 - hmac-md5-96
 - hmac-sha1-96
I edited my "/etc/ssh/ssh_config" by changing...
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

Open in new window

to...
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128

Open in new window

and...
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160

Open in new window

to...
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160

Open in new window

Then I restarted sshd by executing the following command...
service sshd restart

Open in new window

It shows...
Stopping sshd: [ OK ]
Starting sshd: [ OK ]

Open in new window

But a server scan still shows that the cipher and MACs are still supported.
How do I remove the cipher and MACs correctly?
Thanks!
LVL 1
killdurstAsked:
Who is Participating?
 
serialbandConnect With a Mentor Commented:
Yes, copy the lines to sshd_config.  You can restart just the sshd service without affecting already connected users.  Those users remain on the older configuration untill they disconnect, and new user connections use the new settings.
0
 
Jan SpringerConnect With a Mentor Commented:
Supported or allowed?
0
 
serialbandCommented:
In case you didn't make a typo, /etc/ssh/ssh_config is used by the ssh client.  You should be editing /etc/ssh/sshd_config and then restarting the server. (note the extra d )
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

 
killdurstAuthor Commented:
By supported, I mean allowed.

So I can just copy and paste the two lines from ssh_config to sshd_config right?
Restarting the server is not at option at this point actually.
Can I just restart the sshd service?
Thanks!
0
 
killdurstAuthor Commented:
Ok, I think the changes took effect after I restarted the service cos now I can't SSH in to the server.
I'm getting a "Algorithm negotiation failed".
I'm using SSH Secure Shell to remote in.
When logging in, I tried the following encryption / MAC algorithm combinations...
AES 128 / HMAC-MD5
AES 128 / HMAC-SHA1
AES 192 / HMAC-MD5
AES 192 / HMAC-SHA1
AES 256 / HMAC-MD5
AES 256 / HMAC-SHA1
Arcfour 128 / HMAC-MD5
Arcfour 128 / HMAC-SHA1

Arcfour 256 is not listed as an option.

I can still log in using Putty though... and I can also modify the sshd_config and restart the service using the web console.

Just wondering why I can't ssh in using secure shell...

Thanks...
0
 
serialbandCommented:
Did you edit the client configuraton, ssh_config to include Arcfour 256?
0
 
killdurstAuthor Commented:
Actually I've commented back the Ciphers and the MACs lines in ssh_config.

Anyway, I've decided to stick to using Putty for the command line interface and Filezilla for FTP from now onwards.

Thanks for your help regarding the tip to edit sshd_config.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.