"ssh_config" and "sshd_config".

Issues related to configuring your network
Post Reply
hack3rcon
Posts: 710
Joined: 2014/11/24 11:04:37

"ssh_config" and "sshd_config".

Post by hack3rcon » 2020/08/03 05:52:04

Hello,
I want to change the cipher option for my SSH service but which file should be edit? "ssh_config" Or "sshd_config"?
If I edit both of them then can it cause any problem?

Thank you.

User avatar
KernelOops
Posts: 395
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: "ssh_config" and "sshd_config".

Post by KernelOops » 2020/08/03 06:24:13

In CentOS 8, you should not edit those files. There is a new implementation for system-wide crypto policy, which includes ssh.

I've already written about the new policy, read my post "Harden SSH in CentOS 8"
--
I love my computer - all my friends live there.
--

User avatar
jlehtone
Posts: 3192
Joined: 2007/12/11 08:17:33
Location: Finland

Re: "ssh_config" and "sshd_config".

Post by jlehtone » 2020/08/03 13:14:47

That said, the very beginning of man ssh_config and man sshd_config does tell what those files were used for.

aks
Posts: 3045
Joined: 2014/09/20 11:22:14

Re: "ssh_config" and "sshd_config".

Post by aks » 2020/08/03 17:30:18

sshd_config — OpenSSH daemon configuration file
ssh_config — OpenSSH client configuration file
(from man pages)

hack3rcon
Posts: 710
Joined: 2014/11/24 11:04:37

Re: "ssh_config" and "sshd_config".

Post by hack3rcon » 2020/08/03 21:11:47

If I edited that files, then can it make any problem?

User avatar
KernelOops
Posts: 395
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: "ssh_config" and "sshd_config".

Post by KernelOops » 2020/08/03 22:45:42

you asked how to change the cipher option.

the cipher does NOT change by editing those two files

because

THEY ARE OVERRIDDEN by the system policy.

just read the thread I pointed at, and modify the policy instead, which will take care of ssh.


PS:
not sure what the other posters above are saying, but I repeat: whatever you put in sshd_config, will be overridden by the system policy.
--
I love my computer - all my friends live there.
--

Post Reply

Return to “CentOS 8 - Networking Support”