Cisco Support Community
New Member

PI 2.1 Change SSH encryption / hash?

Is there any way to change the SSH2 encryption and hash settings PI 2.1 uses to connect to its managed devices? Right now it is using AES-128 and MD5, but I would like to change it to AES-256 and SHA1.

Accepted Solutions
Hall of Fame Super Silver

It's not exposed in the GUI nor the PI configuration file.

If you drop down into the root shell you will see that PI uses the sshd OpenSSH daemon.

It would be an unsupported change, but you might try modifying the sshd_conf file to specify the desired ciphers and hash. Be sure to back up first!

5 REPLIES
New Member

Thanks Marvin, modified the /etc/ssh/ssh_config file making the necessary changes. Now PI uses SHA1. Hopefully no future patches get clobbered because of this! haha

Hall of Fame Super Silver

You're welcome - I'm glad it worked. I was going on a hunch. :)

Can you share your modified ssh_config file for other seekers to reference?

New Member

I won't show my exact config file, but I will post the details below.

Basically what I did was modify the "Host *" template, uncommenting what configuration items I wanted to change. You can leave the other sections commented out and openssh will continue to use the default for things you have not specified.

So step one is to uncomment Host *.

Uncomment Ciphers and MAC lines.

Change any order you prefer for the Ciphers and MAC lines.

Save the file and reboot the Linux OS. I exited the shell and typed reload in the CLI to reboot the Linux OS. My system took around 5 minutes to fully reboot and load PI into its usable state.
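The edit described in the post above, as an added example that is not part of the original thread and is not the poster's file. The function names, the scratch path, the sample template and the chosen algorithm order (AES-256 and SHA1 first, as the question asked) are assumptions.

```shell
#!/bin/sh
# Added example: names, paths and the sample file below are assumptions.

# Constructed sample modelled on the commented "Host *" template in a stock
# OpenSSH client config; it is not the file from the PI appliance.
make_sample() {
    cat > "$1" <<'EOF'
# Host *
#   ForwardAgent no
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
EOF
}

# enable_algos FILE CIPHERS MACS
# Uncomments "Host *", "Ciphers" and "MACs" and sets the given preference
# order. sed keeps the untouched original as FILE.bak (the backup step).
enable_algos() {
    sed -i.bak \
        -e 's/^#[[:space:]]*Host \*$/Host */' \
        -e "s/^#[[:space:]]*Ciphers .*/    Ciphers $2/" \
        -e "s/^#[[:space:]]*MACs .*/    MACs $3/" \
        "$1"
}

# first_algo FILE KEYWORD
# Prints the first (most preferred) algorithm on the active KEYWORD line.
# Commented lines are skipped because their first field starts with "#".
first_algo() {
    awk -v k="$2" '$1 == k { split($2, a, ","); print a[1]; exit }' "$1"
}

# Demo on a scratch copy, never on the live file.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/ssh_config"
enable_algos "$demo_dir/ssh_config" \
    "aes256-ctr,aes256-cbc,aes128-ctr" "hmac-sha1,hmac-md5"
echo "preferred cipher: $(first_algo "$demo_dir/ssh_config" Ciphers)"
echo "preferred MAC:    $(first_algo "$demo_dir/ssh_config" MACs)"
diff "$demo_dir/ssh_config.bak" "$demo_dir/ssh_config" || true
rm -rf "$demo_dir"
```

Against a real client, `ssh -v` to a device prints the negotiated cipher and MAC on its `kex:` debug lines, which confirms the new order took effect.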

Hall of Fame Super Silver

Thanks! That'll help other folks for sure.
