aix:aix_ssh_howto
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
aix:aix_ssh_howto [2024/09/11 11:44] manu [SCP Connection closed] |
aix:aix_ssh_howto [2025/01/15 23:25] (current) manu [List ciphers and Macs on client] |
||
|---|---|---|---|
| Line 294: | Line 294: | ||
| </cli> | </cli> | ||
| + | ==== Add timeout ==== | ||
| + | |||
| + | If an host doesn't answer, the timeout will stop the connexion | ||
| + | <cli prompt='#'> | ||
| + | # ssh -o ConnectTimeout=10 $i uname | ||
| + | </cli> | ||
| ==== Boost ssh connection ==== | ==== Boost ssh connection ==== | ||
| Line 397: | Line 403: | ||
| ==== List ciphers and Macs on client ==== | ==== List ciphers and Macs on client ==== | ||
| + | |||
| + | |||
| + | * Ciphers: ssh -Q cipher | ||
| + | * MACs: ssh -Q mac | ||
| + | * KexAlgorithms: ssh -Q kex | ||
| + | * PubkeyAcceptedKeyTypes: ssh -Q key | ||
| + | |||
| + | You can also remotely probe a ssh server for its supported ciphers with recent nmap versions: | ||
| + | <cli prompt='#'> | ||
| + | # nmap --script ssh2-enum-algos -sV -p <port> <host> | ||
| + | </cli> | ||
| <cli prompt='#'> | <cli prompt='#'> | ||
| Line 429: | Line 446: | ||
| umac-128-etm@openssh.com | umac-128-etm@openssh.com | ||
| </cli> | </cli> | ||
| + | |||
| + | ==== Connection slow ==== | ||
| + | |||
| + | Check using **ssh -vvv <hostname>**, if it hangs on | ||
| + | debug1: Next authentication method: gssapi-with-mic | ||
| + | |||
| + | Change the following parameter in the file **/etc/ssh/sshd_config** | ||
| + | GSSAPIAuthentication no | ||
| + | | ||
| + | FIXME On some new Linux versions, check also the files located in the folder **/etc/ssh/sshd_config.d/** | ||
| + | |||
aix/aix_ssh_howto.1726047864.txt.gz ยท Last modified: 2024/09/11 11:44 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
