On Wed, Nov 1, 2017 at 12:47 AM, Sven Hartge <s...@svenhartge.de> wrote:
> No, this is not the solution, as this will a) set this for every
> connection and b) restrict the Cipher list to *only* this insecure
> cipher.
>
> Please read "man ssh_config". The Ciphers statement recognizes + and -
> as prefixes to add or remove values without replacing the whole setting.

Well, I didn't have to go through the whole thing. I quickly found what Sven was talking about and just put a '+' in front of the encryption algorithm names I'd added in /etc/ssh/ssh_config. It's working now for all the places I need to get to. (More corrections are welcome.)

I didn't create the ~/.ssh/config file because I wanted ssh to work for me, no matter who I logged in as or su'ed to. I realize (or think, anyway) that's going to open my admin box to the darkSide. I need to think about that. Maybe create a local config file in all the home dirs I log into -- and have a bunch of pesky little chores when it's upgrade time.

Anyway, I really appreciate all who've responded. I've learned an awful lot about OpenSSH, and I'm going to put man ssh_config on my reading list -- I had no idea ssh could be so complex.

Thanks, Theo and friends...

--
Glenn English
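Added example, not part of the original message and not OpenSSH's own code: a small Python check that lists each Ciphers directive in ssh_config-style text, whether it replaces or extends the default list (the + and - prefixes Sven mentions), and whether it applies to every host or only inside a Host block. The sample config, the host name, the cipher names in it and the LEGACY_HINTS substrings are constructed assumptions.

```python
# Substrings treated as "legacy" for this check (an assumption, adjust to local policy).
LEGACY_HINTS = ("cbc", "arcfour", "3des")
# Prefixes ssh_config accepts on a Ciphers value; no prefix replaces the whole list.
MODES = {"+": "append", "-": "remove", "^": "prepend"}

# Constructed sample input, not taken from the thread.
SAMPLE = """\
# global section
Ciphers +aes128-cbc

Host oldswitch.example.net
    Ciphers +3des-cbc

Host *
    Ciphers aes256-cbc
"""

def audit_ciphers(text):
    """Return one finding per Ciphers line: line number, scope, mode, legacy names."""
    findings, scope, wide = [], "global", True  # before any Host/Match: all hosts
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value" or "Keyword=value"; keywords are case-insensitive.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in ("host", "match"):
            scope = f"{key} {value}"
            wide = value.lower() in ("*", "all")
        elif key == "ciphers":
            mode = MODES.get(value[0], "replace")
            names = [n.strip() for n in value.lstrip("+-^").split(",")]
            legacy = [n for n in names if any(h in n for h in LEGACY_HINTS)]
            # Flag legacy ciphers enabled for every connection, not just named hosts.
            flag = wide and mode != "remove" and bool(legacy)
            findings.append({"line": no, "scope": scope, "mode": mode,
                             "legacy": legacy, "flag": flag})
    return findings

if __name__ == "__main__":
    for f in audit_ciphers(SAMPLE):
        print(f)
```

Only the directive scoped to the single named host comes back unflagged; the global `+` line and the `Host *` replacement both apply to every connection.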