How can I harden my ciphers to support new ciphers and not use old ciphers?


Hi Team,

I am new to Linux. I need help from the experts in enabling / hardening the ciphers so I can reproduce an issue.

What I want to do?
When I use an older version of PuTTY and try to open a console via PuTTY for a Red Hat server via SSH, I need to see the below error:

Couldn't agree a key exchange algorithm (available: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256)

How do I enable / add new ciphers to my Red Hat 7.1 machine so that when I use an older version of PuTTY I see the above error?

I am trying to reproduce an issue and I want to see how to enable and disable the above error when I use an older version of PuTTY.


Responses

I had a similar problem for my users.

Just update /etc/ssh/sshd_config. For example:

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

By the same token, you can also update:

MACs
KexAlgorithms

Then, restart sshd services.

I strongly suggest that your users update their older version of PuTTY. The problem will go away immediately.

Regards,

Dusan Baljevic (amateur radio VK2COT, still devoted to Morse code)
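
The negotiation behind the error in the question, as an added example that is not part of the original posts: it parses an sshd_config fragment and applies the SSH selection rule (the first algorithm on the client's list that the server also offers). The KexAlgorithms list is the one from the error message above and the Ciphers line is the one from the answer; both client offer lists are constructed assumptions, not captured from any PuTTY release.

```python
# Added example: simplified model of SSH algorithm negotiation (RFC 4253, section 7.1).
SSHD_CONFIG = """\
# constructed sshd_config fragment; lists taken from the question and the answer
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
"""

# Constructed client offers (assumptions for illustration only).
OLD_CLIENT = {
    "KexAlgorithms": ["diffie-hellman-group-exchange-sha1",
                      "diffie-hellman-group14-sha1",
                      "diffie-hellman-group1-sha1"],
    "Ciphers": ["aes256-ctr", "aes256-cbc", "3des-cbc"],
}
NEW_CLIENT = {
    "KexAlgorithms": ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
                      "diffie-hellman-group14-sha256"],
    "Ciphers": ["chacha20-poly1305@openssh.com", "aes256-ctr"],
}

def parse_sshd_config(text):
    """Return {directive: [algorithms]} for KexAlgorithms, Ciphers and MACs."""
    wanted = {"kexalgorithms": "KexAlgorithms", "ciphers": "Ciphers", "macs": "MACs"}
    result = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key = wanted.get(parts[0].lower())         # keywords are case-insensitive
        if key and key not in result:              # sshd keeps the first value it reads
            result[key] = [a.strip() for a in parts[1].split(",") if a.strip()]
    return result

def negotiate(client_list, server_list):
    """First client preference the server also offers, or None if nothing overlaps."""
    return next((alg for alg in client_list if alg in server_list), None)

def check_client(client, server):
    """Negotiated algorithm per directive; None marks the step where the handshake fails."""
    return {d: negotiate(client[d], algs) for d, algs in server.items() if d in client}

if __name__ == "__main__":
    server = parse_sshd_config(SSHD_CONFIG)
    for name, client in (("old client", OLD_CLIENT), ("new client", NEW_CLIENT)):
        for directive, chosen in check_client(client, server).items():
            print(f"{name}: {directive} -> {chosen or 'no common algorithm'}")
```

Before restarting sshd, `sshd -t` checks that the edited file is valid, and `ssh -Q kex` lists the key exchange algorithms the installed OpenSSH build supports.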
