From 4754f7994d7877e825d463ee60710711a4c8e233 Mon Sep 17 00:00:00 2001
From: "Ralf S. Engelschall"
Date: Tue, 23 Dec 2008 09:12:41 +0000
Subject: [PATCH] allow protocol 2 only on the server-side (client-side still allows protocol 1) and add CTR based ciphers
---
 openssh/openssh.spec | 2 +-
 openssh/ssh_config | 2 +-
 openssh/sshd_config | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/openssh/openssh.spec b/openssh/openssh.spec
index f9753afd14..eefcb4f25d 100644
--- a/openssh/openssh.spec
+++ b/openssh/openssh.spec
@@ -38,7 +38,7 @@ Class: CORE
 Group: SSH
 License: BSD
 Version: %{V_base}%{V_portable}
-Release: 20081122
+Release: 20081223
 # package options
 %option with_fsl yes
diff --git a/openssh/ssh_config b/openssh/ssh_config
index 5292d0f49d..700affe691 100644
--- a/openssh/ssh_config
+++ b/openssh/ssh_config
@@ -17,7 +17,7 @@ Host *
 HostKeyAlgorithms ssh-rsa,ssh-dss
 PreferredAuthentications hostbased,publickey,keyboard-interactive,password
 Cipher 3des
- Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+ Ciphers aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,arcfour256,arcfour128,arcfour,3des-cbc,blowfish-cbc,cast128-cbc
 MACs hmac-sha1,hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
 Compression yes
 CompressionLevel 4
diff --git a/openssh/sshd_config b/openssh/sshd_config
index e1e47338ae..9b2d62370e 100644
--- a/openssh/sshd_config
+++ b/openssh/sshd_config
@@ -7,7 +7,8 @@ ListenAddress 127.0.0.1
 Subsystem sftp @l_prefix@/libexec/openssh/sftp-server
-Protocol 2,1
+Protocol 2
+Ciphers aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,arcfour256,arcfour128,arcfour,3des-cbc,blowfish-cbc,cast128-cbc
 HostKey @l_prefix@/etc/openssh/ssh_host_key
 HostKey @l_prefix@/etc/openssh/ssh_host_rsa_key
 HostKey @l_prefix@/etc/openssh/ssh_host_dsa_key
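Review bot: In openssh/ssh_config the new `Ciphers` line still ends with plain `arcfour` and the CBC ciphers, so a server that offers only those will still negotiate them; putting CTR first expresses a preference, not a restriction. Because the client's list decides the negotiated cipher, the client side is where trimming takes effect: consider dropping `arcfour` (the variant without the initial keystream discard that `arcfour128`/`arcfour256` apply), or documenting the tail with a comment such as `# CTR preferred; CBC/arcfour entries kept only for legacy servers`. The `Cipher 3des` context line is the protocol-1 cipher setting, which matches the commit message's statement that the client still allows protocol 1; the client's `Protocol` line is outside this hunk and could not be checked.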
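Review bot: In openssh/sshd_config the ordering of the added `Ciphers` line does not make the server prefer CTR, because in SSH protocol 2 the negotiated cipher is the first entry on the client's list that the server also accepts, so a client that lists a CBC cipher first still gets CBC. If the intent is to move server sessions off CBC, the CBC entries and plain `arcfour` have to be removed rather than reordered, e.g. `Ciphers aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,arcfour128`. If they are kept for old clients, a comment such as `# CBC/arcfour kept for legacy clients; list order is not enforced server-side` would record that decision. With `Protocol 2` in place, the context line `HostKey @l_prefix@/etc/openssh/ssh_host_key` is presumably the protocol-1 host key and no longer used; worth confirming and dropping in a follow-up.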