COVID-19 Digi Technical Support Response x

Disable CBC ciphers for SSH on Digi CM

It is possible to disable certain ciphers used for SSH connection, for example CBC ciphers and have this changes saved upon a device reboot.

This is achieved by editing a filed called "rc.user" in bash (requires root access)

The following example will show the steps to disable CBC ciphers.

cd /usr2
cat rc.user | grep -v | "exit 0" >> rc.temp
cat << EOF >> rc.temp
cat << EO2F>> /etc/ssh/sshd_config
Ciphers aes256-ctr,aes192-ctr,aes128ctr,arcfour
EO2F
exit 0
EOF
cp rc.temp rc.user​


Note: a reboot is required for the changes to take effect.
Last updated: Jan 10, 2020

Filed Under

Network

Recently Viewed

No recently viewed articles