Ciphers, MACs or KeX algorithms differ from "sshd -T" to what is provided by current crypto policy level
Issue
- While comparing the output of sshd -T with the Ciphers, MACs or Key Exchange Algorithms from the currently configured crypto policy, some inconsistencies can be noted:

    # sshd -T | grep -i ciphers
    ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

    # cat /etc/crypto-policies/back-ends/opensshserver.config | cut -f 2 -d \' | cut -f 1 -d " "
    -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc

    # update-crypto-policies --show
    DEFAULT
- aes192-ctr should not be available for the DEFAULT level.
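
The comparison described above, as an added example that is not part of the original article: a POSIX shell script that computes, in both directions, the difference between the list sshd reports and the list in the crypto-policies back-end file. The function names are hypothetical, and the CRYPTO_POLICY='...' wrapper and the -oMACs value in the sample are constructed; the cipher lists are copied from the output shown above.

```shell
#!/bin/sh
# Added example: compare sshd's effective algorithm list with the list in the
# crypto-policies back-end file. Function names are hypothetical.

# Read `sshd -T` text on stdin; print the algorithms for keyword $1, one per line.
effective_list() {
    awk -v k="$1" 'tolower($1) == k { print $2 }' | tr ',' '\n' | sort -u
}

# Read opensshserver.config text on stdin; print the -o$1= list, one per line.
policy_list() {
    tr " '" '\n\n' | sed -n "s/^-o$1=//p" | tr ',' '\n' | sort -u
}

# Print every entry of list $1 that is absent from list $2 (exact match only).
list_minus() {
    for alg in $1; do
        printf '%s\n' "$2" | grep -Fxq -- "$alg" || printf '%s\n' "$alg"
    done
}

# Arguments: $1 = sshd -T text, $2 = back-end file text,
#            $3 = sshd keyword (ciphers), $4 = policy keyword (Ciphers)
offered_but_not_in_policy() {
    list_minus "$(printf '%s\n' "$1" | effective_list "$3")" \
               "$(printf '%s\n' "$2" | policy_list "$4")"
}
in_policy_but_not_offered() {
    list_minus "$(printf '%s\n' "$2" | policy_list "$4")" \
               "$(printf '%s\n' "$1" | effective_list "$3")"
}

# Constructed sample input: cipher lists taken from the output above; the
# "port 22" line, the CRYPTO_POLICY wrapper and the -oMACs value are made up.
SAMPLE_SSHD_T='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'
SAMPLE_POLICY="CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com'"

echo "offered by sshd, absent from policy:"
offered_but_not_in_policy "$SAMPLE_SSHD_T" "$SAMPLE_POLICY" ciphers Ciphers
echo "in policy, not offered by sshd:"
in_policy_but_not_offered "$SAMPLE_SSHD_T" "$SAMPLE_POLICY" ciphers Ciphers
```

On a live host, pass "$(sshd -T)" and "$(cat /etc/crypto-policies/back-ends/opensshserver.config)" as the first two arguments instead of the samples.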
Environment
- Red Hat Enterprise Server (RHEL) 8
- openssh-server