OpenSSH flaw: workaround
May 21, 2009
A flaw in the SSH protocol is starting to get more widespread attention. It appears that a workaround is available: disabling CBC ciphers in favor of CTR. To do so, edit /etc/ssh/sshd_config and add the following:

    Ciphers arcfour128,arcfour256,arcfour,aes128-ctr,aes192-ctr,aes256-ctr

That’s the default list of SSH ciphers, minus the CBC ones.
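To confirm the edit took effect, the following added example (not part of the original post) audits sshd_config text for CBC ciphers. The function name audit_ciphers, its exit codes and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config text read from stdin for CBC ciphers.
# audit_ciphers is a hypothetical helper, not an OpenSSH tool.
# Exit status: 0 = Ciphers set and CBC-free, 1 = CBC cipher listed,
#              2 = no Ciphers line (sshd falls back to its default list).
audit_ciphers() {
    awk '
        # Skip comment lines and blank lines.
        /^[ \t]*(#|$)/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Keyword match is case-insensitive; accept "Ciphers list"
            # and "Ciphers=list".
            if (tolower(line) !~ /^ciphers[ \t=]/) next
            sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", line)
            sub(/[ \t]+$/, "", line)
            # Collect every entry whose name ends in -cbc, including
            # vendor-suffixed names of the form name-cbc@domain.
            n = split(line, c, ",")
            bad = ""
            for (i = 1; i <= n; i++)
                if (c[i] ~ /-cbc(@|$)/) bad = bad (bad ? "," : "") c[i]
            # sshd uses the first value it finds for a keyword, so stop here.
            found = 1
            exit
        }
        END {
            if (!found) { print "no Ciphers directive"; exit 2 }
            if (bad != "") { print "CBC enabled: " bad; exit 1 }
            print "no CBC ciphers"
        }
    '
}

# Constructed sample config (not taken from a real host): the first Ciphers
# line still lists CBC modes, so the later CTR-only line is never reached.
printf '%s\n' \
    '# constructed sample' \
    'Port 22' \
    'Ciphers aes128-cbc,3des-cbc,aes128-ctr' \
    'Ciphers aes128-ctr,aes192-ctr,aes256-ctr' |
    audit_ciphers || echo "exit status: $?"
```

On a real host, feed it the file with `audit_ciphers < /etc/ssh/sshd_config`. sshd reads the file at startup, so the new list applies once the daemon has reloaded its configuration.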