In Lighthouse 22.11, outdated SSH encryption functions have been removed to mitigate security risks.
These changes are present on any new instance of Lighthouse 22.11 or later. They are not applied to systems that have been upgraded from previous versions; those systems require a manual migration task.
To manually apply this change, edit both /etc/ssh/ssh_config and /etc/ssh/sshd_config and set these variables:
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com
MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
HostKeyAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
Then run the configurator to apply any customisation and restart the sshd service.
configurator_ssh
/etc/init.d/sshd restart
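To confirm the migration took effect, the effective settings can be compared against the lists above. The following is an added example, not part of the original article and not vendor code: check_ssh_algos is a hypothetical helper, the sample input is constructed, and it assumes the installed OpenSSH supports sshd -T (dump effective server settings) and ssh -G <host> (effective client settings).

```shell
#!/bin/sh
# Added example, not vendor code. Allowlists are copied from the article's settings.
ALLOW_ciphers='chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com'
ALLOW_macs='umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com'
ALLOW_hostkeyalgorithms='ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256'
ALLOW_kexalgorithms='curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256'

# check_ssh_algos (hypothetical helper): reads "keyword value" lines on stdin,
# e.g. the output of `sshd -T`, and prints "keyword algorithm" for every
# algorithm outside the allowlist, or "keyword MISSING" if a keyword is absent.
# Exit status is 1 when anything was reported, 0 otherwise.
check_ssh_algos() {
    awk -v c="$ALLOW_ciphers" -v m="$ALLOW_macs" \
        -v h="$ALLOW_hostkeyalgorithms" -v k="$ALLOW_kexalgorithms" '
    function allow(key, list,    n, i, a) {
        n = split(list, a, ",")
        for (i = 1; i <= n; i++) ok[key, a[i]] = 1
        want[key] = 1
    }
    BEGIN {
        allow("ciphers", c); allow("macs", m)
        allow("hostkeyalgorithms", h); allow("kexalgorithms", k)
    }
    {
        key = tolower($1)              # config files use mixed-case keywords
        if (!(key in want)) next
        seen[key] = 1
        n = split($2, got, ",")
        for (i = 1; i <= n; i++)
            if (!((key, got[i]) in ok)) { print key, got[i]; bad = 1 }
    }
    END {
        for (key in want) if (!(key in seen)) { print key, "MISSING"; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: effective settings on a system upgraded but not yet migrated.
SAMPLE='ciphers chacha20-poly1305@openssh.com,aes128-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha1
hostkeyalgorithms ssh-ed25519,ssh-rsa
kexalgorithms curve25519-sha256,diffie-hellman-group1-sha1'
printf '%s\n' "$SAMPLE" | check_ssh_algos || true
```

After restarting sshd, run sshd -T | check_ssh_algos as root; no output and exit status 0 mean only the algorithms listed above are enabled.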