Skip to content

Commit

Permalink
Disable chacha20-poly cipher in sshd config as a workaround.
Browse files Browse the repository at this point in the history 
[sshd] Disable chacha20-poly cipher as a workaround. JB#44920

Cipher chacha20-poly1305@openssh.com causes connection error with openssh
compiled with gcc 4.9.4: "message authentication code incorrect".
This is probably a compiler/openssh bug but as a workaround drop the
cipher from supported list for now.
  • Loading branch information
@jusa
jusa committed Feb 26, 2019
1 parent 0823600 commit eff729b
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions rpm/sshd_config
View file
Expand Up @@ -22,6 +22,12 @@ HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none

# Cipher chacha20-poly1305@openssh.com causes connection error with openssh
# compiled with gcc 4.9.4: "message authentication code incorrect".
# This is probably a compiler/openssh bug but as a workaround drop the
# chacha cipher from supported list for now (see JB#44920).
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

# Logging
#SyslogFacility AUTH
#LogLevel INFO
Expand Down

0 comments on commit eff729b

Please sign in to comment.