Important information for contacting Digi Technical Support

Disable CBC Ciphers for SSH on Digi CM

It is possible to disable certain ciphers used for SSH connection, for example CBC ciphers and have this changes saved upon a device reboot.

This is achieved by editing a filed called "rc.user" in bash (requires root access)

The following example will show the steps to disable CBC ciphers.

cd /usr2
cat rc.user | grep -v | "exit 0" >> rc.temp
cat << EOF >> rc.temp
cat << EO2F>> /etc/ssh/sshd_config
Ciphers aes256-ctr,aes192-ctr,aes128ctr,arcfour
EO2F
exit 0
EOF
cp rc.temp rc.user​


NOTE: A reboot is required for the changes to take effect.
Last updated: Jan 01, 2024

Did you find this article helpful?