Explicitly disable chacha20-poly cipher in ssh config as a workaround.

[ssh] Explicitly disable chacha20-poly cipher as a workaround.
sailfishos · Feb 26, 2019 · 50f2491 · 50f2491
1 parent eff729b
commit 50f2491
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/rpm/ssh_config b/rpm/ssh_config
@@ -44,3 +44,9 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
+
+# Cipher chacha20-poly1305@openssh.com causes connection error with openssh
+# compiled with gcc 4.9.4: "message authentication code incorrect".
+# This is probably a compiler/openssh bug but as a workaround drop the
+# chacha cipher from supported list for now (see JB#44920).
+Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc