Bug 1656052
Summary: | OpenSSH ignores "Ciphers -*-cbc" setting in sshd_config | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Thomas Schweikle <tschweikle> |
Component: | openssh | Assignee: | Jakub Jelen <jjelen> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 28 | CC: | dwalsh, jfch, jjelen, lkundrak, mattias.ellert, plautrba, tmraz |
Hardware: | Unspecified | ||
OS: | Linux | ||
Last Closed: | 2018-12-04 15:17:55 UTC | Type: | Bug |
Description
Thomas Schweikle
2018-12-04 14:47:09 UTC
Fedora 29, OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS 11 Sep 2018

Same problem: ciphers disabled, but supported.

This is because of crypto-policy, which sets default ciphers on sshd commandline (because of lack of include in the sshd), which take precedence over the configuration file and is loaded through the

    $ systemctl cat sshd
    [...]
    EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config

To opt out, you can modify the other environment file as advised and then your ciphers setting should become effective:

    # cat /etc/sysconfig/sshd
    [...]
    # System-wide crypto policy:
    # To opt-out, uncomment the following line
    # CRYPTO_POLICY=

For more information, see https://gitlab.com/redhat-crypto/fedora-crypto-policies
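
Added example, not part of the bug report or of the openssh package: a small shell check that reports whether a `Ciphers` line in sshd_config can take effect, or whether the crypto-policy environment file decides the cipher list instead. The function names are hypothetical, the sample files are constructed, and the `-oCiphers=` layout of the `CRYPTO_POLICY` value is an assumption about how the policy puts ciphers on the sshd command line.

```shell
#!/bin/sh
# Added example. Assumption: the policy file holds one line of the form
#   CRYPTO_POLICY='-oCiphers=a,b,c -oMACs=...'
# and an uncommented, empty CRYPTO_POLICY= in the sysconfig file is the opt-out.

# Succeeds when FILE has an active CRYPTO_POLICY carrying -oCiphers=.
policy_sets_ciphers() {
    grep -Eq "^[[:space:]]*CRYPTO_POLICY=.*-oCiphers=" "$1"
}

# Succeeds when FILE has an uncommented, empty CRYPTO_POLICY= line.
opted_out() {
    grep -Eq "^[[:space:]]*CRYPTO_POLICY=[[:space:]]*$" "$1"
}

# Prints the comma-separated cipher list the policy passes to sshd.
policy_ciphers() {
    sed -n "s/^[[:space:]]*CRYPTO_POLICY=.*-oCiphers=\([^ ']*\).*/\1/p" "$1"
}

# Prints which source decides Ciphers: "crypto-policy" or "sshd_config".
ciphers_source() {   # $1 = policy file, $2 = sysconfig file
    if opted_out "$2"; then
        echo "sshd_config"
    elif policy_sets_ciphers "$1"; then
        echo "crypto-policy"
    else
        echo "sshd_config"
    fi
}

# Prints CBC ciphers still enabled by the policy, one per line (may be empty).
policy_cbc_ciphers() {
    policy_ciphers "$1" | tr ',' '\n' | grep -e '-cbc$' || true
}

# Demo on constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf "%s\n" "CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256'" > "$demo_dir/opensshserver.config"
printf "%s\n" "# To opt-out, uncomment the following line" "# CRYPTO_POLICY=" > "$demo_dir/sshd"
echo "Ciphers decided by: $(ciphers_source "$demo_dir/opensshserver.config" "$demo_dir/sshd")"
echo "CBC ciphers in policy: $(policy_cbc_ciphers "$demo_dir/opensshserver.config" | tr '\n' ' ')"
rm -rf "$demo_dir"
```

On a host like the one in this report, the two arguments would be /etc/crypto-policies/back-ends/opensshserver.config and /etc/sysconfig/sshd.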