cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
chris_top_he_r
New Contributor

Is it possible to change encryption modes from CBC to GCM for SSH on Adtran router? Recompile Router firmware? Steps?

That's pretty much it.  SSH using CBC and wonder what it takes to change it to something else like GCM.  Could use different SSH.  Someone said if using Dropbear SSH with Linux have to recompile router firmware.  If true, what has to be done, or would that have to be from Adtran only and they don't do it?  I'm new to all this security stuff and trying to get up to speed.  Thanks for listening.

0 Kudos
4 Replies

Re: Is it possible to change encryption modes from CBC to GCM for SSH on Adtran router?  Recompile Router firmware?  Steps?

Sorry to bother you all.  I found out you just add the cyphers to the sshd_config file.

Re: Is it possible to change encryption modes from CBC to GCM for SSH on Adtran router? Recompile Router firmware? Steps?

Can you please explain what you added?  I find that the router always responds with 3des-cbc ....

--

Regards,

Mick

Re: Is it possible to change encryption modes from CBC to GCM for SSH on Adtran router? Recompile Router firmware? Steps?

Hi Mick.

It just means I don't really know much at all.

I'm on a forum where I try to answer tech questions of all sorts by a little knowledge combined with doing research on the internet.  Someone asked about how to change their encryption mode on an Adtran router.   I really blew it by not noticing they said SSH encryption.  So then when SSH was the issue anther person on the forum told them to just change the config file to change encryption modes like I stated above.  So the question for SSH was solved.  I don't have an Adtran router yet myself.

Thanks for making me clarify things.

Chris

Re: Is it possible to change encryption modes from CBC to GCM for SSH on Adtran router? Recompile Router firmware? Steps?

Well the answer is correct as far as configuring the client goes, BUT it depends on the router and its firmware to support a particular encryption algorighm that the client may request.  If the router doesn't support it, then the client will fail to authenticate.