Description of problem:
Setting "Ciphers -*-cbc" or "Ciphers -aes128-cbc,aes192-cbc,aes256-cbc" is ignored. The man page states this shall remove these ciphers from sshd.

    # sshd -T | grep -i cipher
    ciphers chacha20-poly1305,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm

But if a client connects using one of the non-announced ciphers, it will be used by sshd.

Version-Release number of selected component (if applicable):
OpenSSH_7.8p1, OpenSSL 1.1.0i-fips 14 Aug 2018

How reproducible:
Always

Steps to Reproduce:
1. Install OpenSSH
2. Configure /etc/ssh/sshd_config to include one of
       Ciphers -*-cbc
       Ciphers -aes128-cbc,aes192-cbc,aes256-cbc
       Ciphers chacha20-poly1305,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm
3. Test with "sshd -T | grep -i cipher" -> sshd reports that it no longer supports any *-cbc based ciphers.
4. Connect using one of these unsupported ciphers.

Actual results:
Connection with one of the unsupported ciphers succeeds.

Expected results:
Connection with one of the unsupported ciphers shall fail.

Additional info:
With sshd on Fedora 27 this worked as expected.
Fedora 29, OpenSSH_7.9p1, OpenSSL 1.1.1 FIPS 11 Sep 2018
Same problem: ciphers disabled, but supported.
This is because of the crypto-policy, which sets the default ciphers on the sshd command line (because of the lack of an Include directive in sshd). These take precedence over the configuration file and are loaded through the unit's EnvironmentFile:

    $ systemctl cat sshd
    [...]
    EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config

To opt out, you can modify the other environment file as advised, and then your Ciphers setting should become effective:

    # cat /etc/sysconfig/sshd
    [...]
    # System-wide crypto policy:
    # To opt-out, uncomment the following line
    # CRYPTO_POLICY=

For more information, see https://gitlab.com/redhat-crypto/fedora-crypto-policies
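An added audit check (not part of the report or of the crypto-policies project) for the precedence problem described above: it takes the "ciphers" line from the config-file view and the daemon's real command line, returns the list that will actually be negotiated, and flags any remaining CBC cipher. The sample inputs are constructed, and the `-oCiphers=` form of the policy's command-line option is an assumption.

```shell
#!/bin/sh
# Added example, not from the bug report. "sshd -T" on its own shows only what
# sshd_config says; a -oCiphers=... option passed on the daemon's command line
# (as the crypto-policy EnvironmentFile does) overrides it. Audit both.

# Print the Ciphers value a running sshd will honour, given:
#   $1 - the "ciphers ..." line from `sshd -T` (config-file view)
#   $2 - the daemon's command line (e.g. from `ps -o args= -C sshd`)
effective_ciphers() {
    config_line=$1
    cmdline=$2
    case "$cmdline" in
        *-oCiphers=*)
            # Command-line option wins over the configuration file.
            printf '%s\n' "$cmdline" | sed -n 's/.*-oCiphers=\([^ ]*\).*/\1/p'
            ;;
        *)
            printf '%s\n' "$config_line" | sed -n 's/^ciphers //p'
            ;;
    esac
}

# Return 0 if the comma-separated list contains no CBC cipher, 1 otherwise.
no_cbc() {
    case "$1" in
        *-cbc*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Constructed samples modelled on the report: the config file has dropped CBC,
# but the policy-supplied command line still offers aes256-cbc.
SAMPLE_CONFIG_LINE='ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr'
SAMPLE_CMDLINE='/usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,aes256-cbc,aes128-ctr -oMACs=hmac-sha2-256'

# On a live host one would feed the real values instead:
#   effective_ciphers "$(sshd -T | grep '^ciphers')" "$(ps -o args= -C sshd | head -n 1)"
if no_cbc "$(effective_ciphers "$SAMPLE_CONFIG_LINE" "$SAMPLE_CMDLINE")"; then
    echo "OK: no CBC cipher will be negotiated"
else
    echo "WARNING: a CBC cipher is still offered by the running daemon"
fi
```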