Showing posts from August, 2019

OPENSSH - List supported Ciphers and Algorithms

We need this list because sometimes our Vulnerabiliy Scanning software points out that some old ciphers are WEAK. From the man pages of SSH:  -Q cipher | cipher-auth | mac | kex | key              Queries ssh for the algorithms supported for the specified version 2.  The available features are: cipher (supported sym‐              metric ciphers), cipher-auth (supported symmetric ciphers that support authenticated encryption), mac (supported message              integrity codes), kex (key exchange algorithms), key (key types). Supported cipher suites [vicky@vicky-centos-7 ~]$  ssh -Q cipher 3des-cbc blowfish-cbc cast128-cbc arcfour arcfour128 arcfour256 aes128-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr aes256-ctr Supported message integrity codes [vicky@vicky-centos-7 ~]$ ssh -Q mac hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512