However, after doing this and restarting ssh, I get this error:
/etc/ssh/sshd_config line 88: Bad SSH2 cipher spec 'aes128-ctr,aes192-ctr,aes256-ctr'
Also, I am not able to ssh into the server anymore.
Please provide a suggestion on how to disable the CBC option and enable the CTR/GCM option without causing problems.
The sshd_config file in the server is sshd_config(4) and thus does not support CTR/GCM.
Ciphers
Specifies the ciphers allowed. Multiple ciphers must be comma-separated. If the
specified value begins with a '+' character, then the specified ciphers will be
appended to the default set instead of replacing them.
The supported ciphers are:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
chacha20-poly1305@openssh.com
The default is:
chacha20-poly1305@openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
aes128-gcm@openssh.com,aes256-gcm@openssh.com
The list of available ciphers may also be obtained using the -Q option of ssh(1)
with an argument of "cipher".
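An added example, not part of any post in this thread: a POSIX shell check that compares the Ciphers line of a config against the names the installed build reports, so an unsupported name is caught before sshd is restarted. The function names and the sample data are constructed for illustration, and feeding it `ssh -Q cipher` assumes ssh and sshd on the host come from the same build.

```shell
#!/bin/sh
# Added example: find cipher names in a Ciphers directive that the
# installed SSH build does not support (the "Bad SSH2 cipher spec" case).

# Read sshd_config text on stdin and print the value of the first Ciphers
# line. Keywords are case-insensitive and commented lines do not match.
ciphers_from_config() {
    awk 'tolower($1) == "ciphers" { print $2; exit }'
}

# unsupported_ciphers PROPOSED SUPPORTED
#   PROPOSED  - comma-separated Ciphers value, optionally starting with '+'
#   SUPPORTED - newline-separated names, e.g. the output of: ssh -Q cipher
# Prints each unsupported name on its own line; returns 1 if any were found.
unsupported_ciphers() {
    rest=${1#+}              # a leading '+' means "append to the defaults"
    supported=$2
    bad=0
    while [ -n "$rest" ]; do
        name=${rest%%,*}
        case $rest in
            *,*) rest=${rest#*,} ;;
            *)   rest= ;;
        esac
        [ -n "$name" ] || continue
        # -F fixed string, -x whole line: exact name match only
        if ! printf '%s\n' "$supported" | grep -Fxq -- "$name"; then
            printf '%s\n' "$name"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample: a config fragment and the cipher list of a
# hypothetical build that only knows CBC and arcfour ciphers.
SAMPLE_CONFIG='# constructed sshd_config fragment
Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr'
SAMPLE_SUPPORTED='3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
blowfish-cbc
cast128-cbc'

unsupported_ciphers "$(printf '%s\n' "$SAMPLE_CONFIG" | ciphers_from_config)" \
    "$SAMPLE_SUPPORTED" || echo "fix the Ciphers line before restarting sshd"
```

On a real host, pass `"$(ssh -Q cipher)"` as the second argument and the output of `ciphers_from_config < /etc/ssh/sshd_config` as the first.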
When system admins make sshd config changes to a remote server, they do not log out of their working session before they confirm the changes work.
For example, if you are logged into a server and make changes to sshd, you do not log out of that session.
server:/var/www/ads# ssh me@remote.example.com
me@remote.example.com's password:
Last login: Thu May 9 08:14:30 2019 from 139.112.217.44
me@remote:~$ sudo -i
[sudo] password for me:
// make changes to ssh configuration
remote:~# service sshd restart
You are still logged in to the remote server.
Now try to ssh again from another terminal.
Or alternatively, you can run sshd on another port with another configuration file, for example on some (Linux) systems;
I tried this solution, and I did not log out from the session where I made the changes before opening a new session.
But it still does not work. I cannot ssh into the server anymore. "Network Error: Connection Refused" error.