How can i harden my ciphers to support new cipher and not to use old ciphers.

Latest response

Hi Team,

I am new to Linux, I need help from the experts in enabling / hardening the ciphers so i can reproduce an issue.

What i want to do ?
When i use a older version of PuTTy and try to open a console via Putty for a red hat server via ssh, I need to see the below error:

Couldn't agree a key exchange algorithm (available: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256)

How do i enable / add new ciphers to my RedHat 7.1 machine so when i use a older version of puTTy i should see the above error.

I am trying to re-produce an issue and i want to see how to enable and disable the above error when i use a older version of PuTTy.

Responses

I had the similar problem for my users.

Just update /etc/ssh/sshd_config. For example:

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

BY the same token, you can also update:

MACs KexAlgorithms

Then, restart sshd services.

I strongly suggest that your users update older version of Putty. The problem will go away immediately.

Regards,

Dusan Baljevic (amateur radio VK2COT, still devoted to Morse code)