RHEL - Why does SSH connection select aes128-ctr cipher over aes256-ctr by default?

Solution Verified - Updated -


  • SSH connections by default appear to be using aes128-ctr when aes256-ctr is more secure.
  • RHEL 8 default order of ciphers in /etc/ssh/ssh_config file.

    #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
  • RHEL 7 default order of ciphers in /etc/ssh/ssh_config file.

    #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc


  • Red Hat Enterprise Linux (RHEL) 8
  • Red Hat Enterprise Linux (RHEL) 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content