Posts

Showing posts from August, 2019

OPENSSH - List supported Ciphers and Algorithms

We need this list because sometimes our Vulnerabiliy Scanning software
points out that some old ciphers are WEAK.

From the man pages of SSH:

 -Q cipher | cipher-auth | mac | kex | key
             Queries ssh for the algorithms supported for the specified version 2.  The available features are: cipher (supported sym‐
             metric ciphers), cipher-auth (supported symmetric ciphers that support authenticated encryption), mac (supported message
             integrity codes), kex (key exchange algorithms), key (key types).



Supported cipher suites

[vicky@vicky-centos-7 ~]$  ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com


Supported message integrity codes

[vicky@vicky-centos-7 ~]$ ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openss…