It is possible to disable certain ciphers used for SSH connection, for example CBC ciphers and have this changes saved upon a device reboot.
This is achieved by editing a filed called "
rc.user" in bash (requires
root access)
The following example will show the steps to disable CBC ciphers.
cd /usr2
cat rc.user | grep -v | "exit 0" >> rc.temp
cat << EOF >> rc.temp
cat << EO2F>> /etc/ssh/sshd_config
Ciphers aes256-ctr,aes192-ctr,aes128ctr,arcfour
EO2F
exit 0
EOF
cp rc.temp rc.user
NOTE: A reboot is required for the changes to take effect.
Last updated:
Jan 01, 2024