Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1397
Views
5
Helpful
5
Replies

PI 2.1 Change SSH encryption / hash?

Go to solution
Seth Bjorn
Level 1
Level 1

‎10-14-2014 09:54 AM

Is there any way to change the SSH2 encryption and hash settings PI 2.1 uses to connect to it's managed devices? Right now it is using AES-128 and MD5, but I would like to change it to AES-256 and SHA1.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-14-2014 11:49 AM

It's not exposed in the GUI nor the PI configuration file.

If you drop down into the root shell you will see that PI uses sshd OpenSSH daemon.

It would be an unsupported change, but you might try modifying the sshd_conf file to specify the desired ciphers and hash. Be sure to backup first!

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-14-2014 11:49 AM

It's not exposed in the GUI nor the PI configuration file.

If you drop down into the root shell you will see that PI uses sshd OpenSSH daemon.

It would be an unsupported change, but you might try modifying the sshd_conf file to specify the desired ciphers and hash. Be sure to backup first!

0 Helpful

Go to solution
Seth Bjorn
Level 1
Level 1
In response to Marvin Rhoads

‎10-14-2014 02:14 PM

Thanks Marvin, modified the /etc/ssh/ssh_config file making the necessary changes. Now PI uses SHA1. Hopefully no future patches get clobber because of this! haha

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Seth Bjorn

‎10-14-2014 02:21 PM

You're welcome - I'm glad it worked. I was going on a hunch. :)

Can you share your modified ssh_config file for other seekers to reference?

0 Helpful

Go to solution
Seth Bjorn
Level 1
Level 1
In response to Marvin Rhoads

‎10-15-2014 10:34 AM

I won't show my exact config file, but I will post the details below.

 

Basically what I did was modified the "Host *" template uncommenting what configuration items I wanted to change. You can leave the other sections commented out and openssh will continue to use default for things you have not specified.

 

So step one is to uncomment Host *.

Uncomment Ciphers and MAC lines.

Change any order you prefer for the Ciphers and MAC lines.

 

Save the file an reboot the linux OS. I exited the shell and typed reload in the CLI to reboot the linux OS. My system took around 5 minutes to fully reboot and load PI into it's usable state.

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Seth Bjorn

‎10-15-2014 10:58 AM

Thanks! That'll help other folks for sure.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents