Make sure you disable version 1 which is the default behavior, your cypher should be AES256-CBC or one of the other stronger types, I’m an AES man myself. I also disable root log in and disable passwords and use keys, you can reduce your retires from 6 to 1 if you use keys and reduce your login time. If you’ve got an ssh config feel and send it over off list.
On Sep 14, 2016, at 8:49 PM, David Mehler <dave.mehler@gmail.com> wrote:
Hello,
I know this is a long subject let me explain my problem. Three months ago I had sergery and am just now getting up to the point where I can do a remote *nix system upgrade via ssh. I use on windows SecureCRT version 6.23. For reference on the server I use Openssl 1.0.1S and openssh-server 7.1x. My goal is to tighten up the encryption protocols to high grade perfect forward secrecy protocols only. My first question is to those managing *nix servers remotely (apache web, email, imap, stufff like that), if you could take a look at the server-protocols relevant portions of my configuration files make sure I have them right? Basically I need a sanity check. The second item, sshd, again like to tighten it up I believe I have it going serverside, which I want. The problem is my version of securecrt does not support the needed protocols. My question is since I don't have the needed cash to upgrade SecureCRT are there other accessible windows terminal emulator programs? I know about PuTTY I do not use it. Is there anything else? My screen readers are Jaws and NVDA.
Thanks. Dave.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins