openssh HostKeyAlgorithms

Support for security such as Firewalls and securing linux
optikab
Posts: 19
Joined: 2014/01/19 18:04:15

openssh HostKeyAlgorithms

Postby optikab » 2018/04/04 14:43:38

I am trying exclude SSH from using DH ciphers.

With openssh 7 this can be done with the HostKeyAlgorithms & KexAlgorithms options.

Openssh 5.3 which is distributed with Centos 6 doesn't allow this configuration option though, is there any way to achieve the desired result in 5.3?

Config I want to use:

Code: Select all

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha2-256,hmac-sha2-512

HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss

KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521


Response on start up:

Code: Select all

Starting sshd: /etc/ssh/sshd_config: line 150: Bad configuration option: HostKeyAlgorithms
/etc/ssh/sshd_config: terminating, 1 bad configuration options