Ssh – how to know the type of symmetric encryption used by ssh

encryptionSecurityssh

I want to know the type of symmetric encryption (after authentication) used by ssh in a connection client-server. I'm not sure who determines the encryption. Client or Server?.

I have looked in /etc/ssh/ssh_config (on client) and /etc/ssh/sshd_config (on server) and nothing.

Best Answer

Both ssh_config (client configuration) and sshd_config (server configuration) have a Ciphers option that determine the supported ciphers. If the option doesn't appear in the configuration file, a built-in default applies. It is mentioned in the manual page for your version (unless your distribution tweaked the list at compile time without updated the man page). The actual cipher for a given connection is determined according to RFC 4253:

The chosen encryption algorithm to each direction MUST be the first algorithm on the client's name-list that is also on the server's name-list.

You can see what both parties had to offer and which cipher was chosen for a given connection by running ssh -vv.

Related Solutions

SSH XForwarding fails – xauth bad display name

On the remote machine, edit the file /etc/ssh/sshd_config. Change X11UseLocalhost to yes.

Source http://www.pclinuxos.com/forum/index.php?topic=109487.0

SSH server listening on multiple ports with passwordless access not allowing connections to second port

First off, I usually create a second sshd process with its own configuration file. (sshd -f /etc/ssh/sshd-2222.conf for instance) or by overriding the configuration on the command-line (sshd -p 2222 -o PasswordAuthentication=no,AllowRoot=no). This way they share the same keys, etc, but you can override any of the parameters.

Any ideas why this happen?

I have some ideas:

selinux is enabled and is preventing you from using the port to login. This isn't likely, because if the problem were selinux, it wouldn't get that far. Run selinuxenabled && echo "SELinux enabled" && getenforce and if it is enabled and enforced, grep sshd /var/log/audit/audit.log to identify failures. Disable to see if it goes away.
PAM is getting in the way. Again, this doesn't seem likely, since PAM doesn't care about what port you use in conjunction with SSH.
/etc/hosts.allow or /etc/hosts.deny. Here you can associate port-service-user in any number of combinations. If these files are empty, we have to look elsewhere.
Did ssh add some mysterious port number to the key? It's possible. Your logs indicate it is and is not happening. See, for instance:

debug1: Authentication succeeded (publickey). Authenticated to localhost ([127.0.0.1]:5984).

From the changelog in CentOS7:

* Fri Oct 26 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-2
  - add SELinux comment to /etc/ssh/sshd_config about SELinux command to modify port (#861400)

OK, so maybe it is selinux.

Best Answer

Related Solutions

SSH XForwarding fails – xauth bad display name

SSH server listening on multiple ports with passwordless access not allowing connections to second port

Related Question