Web lists-archives.com

Re: buster ssh problem




On Wed, Nov 1, 2017 at 12:47 AM, Sven Hartge <sven@xxxxxxxxxxxxx> wrote:

> No, this is not the solution, as this will a) set this for every
> connection and b) restrict the Cipher list to *only* this insecure
> cipher.
>
> Please read "man ssh_config". The Ciphers statement recognizes + and -
> as prefixes to add or remove values without replacing the whole setting.

Well, I didn't have to go through the whole thing. I quickly found
what Sven was talking about and just put a '+' in front of the
encryption algorithm names I'd added in /etc/ssh/ssh_config. It's
working now for all the places I need to get to. (More corrections are
welcome.)

I didn't create the ~/.ssh/config file because I wanted ssh to work
for me, no matter who I logged in as or su'ed to. I realize (or think,
anyway) that's going to open my admin box to the darkSide. I need to
think about that. Maybe create a local config file in all the home
dirs I log into -- and have a bunch of pesky little chores when it's
upgrade time.

Anyway, I really appreciate all who've responded. I've learned an
awful lot about openSSH, and I'm going to put man ssh_config on my
reading list -- I had no idea ssh could be so complex. Thanks, Theo
and friends...

--
Glenn English