Specify ciphers allowed for protocol version 2

Specify the ciphers allowed for SSH protocol version 2. Multiple ciphers must be comma-separated. If the specified value begins with a '+' character, then the specified ciphers will be appended to the default set instead of replacing them.

The supported ciphers are: 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,chacha20-poly1305@openssh.com

The default ciphers are: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr

Note that the previous sshd uses aes128-ctr as the initial cipher, which will be less secure yet faster for the SSO. So you can move chacha20-poly1305@openssh after aes128-ctr if you feel delay in SSO for this version of Centrify OpenSSH

This policy modifies the Ciphers setting in the Centrify OpenSSH configuration file.

Supported on:


Administrative Templates (Computers)

Administrative Templates (Users)