When changing the Ciphers or MACs parameters in set service ssh <option>, an existing line within sshd_config would not be altered but a new line appended instead, resulting in multiple Ciphers / MACs lines existing in sshd_config.
To fix this, and at the same time, adapt SSH config options to the new capabilities of OpenSSH 6.7, I propose the attached patch to the vyatta-cfg-system package. SSH service configuration will then look as follows:
    vyos@vyos# set service ssh
    Possible completions:
       allow-root                        Enable root login over ssh
       ciphers                           Allowed ciphers
       disable-host-validation           Don't validate the remote host name with DNS
       disable-password-authentication   Don't allow unknown user to login with password
       key-exchange                      Allowed key exchange algorithms
     + listen-address                    Local addresses SSH service should listen on
       loglevel                          Log Level
       macs                              Allowed message authentication algorithms
       port                              Port for SSH service

    [edit]
    vyos@vyos#
Patch
vyatta-cfg-system
Edited:
- I failed to use the correct syntax for git diff in order to include new files into the patch set. This was fixed with this edit.
- For quick evaluation, I attached a vyatta-cfg-system deb package you may install on the fly.
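
A check for the state described in this report, added here as an example and not part of the attached patch or of vyatta-cfg-system: it flags Ciphers / MACs keywords that appear more than once in the global section of an sshd_config. sshd keeps the first value it reads for these keywords, so an appended line is silently ignored and the old algorithm list stays in effect. The function names and the sample file are constructed for illustration, and keyword and value are assumed to be separated by whitespace.

```shell
# Report sshd_config keywords that occur more than once before any Match block.
# Usage: sshd_dup_keywords FILE [KEYWORD...]   (defaults: Ciphers MACs)
# Exit status: 0 = no duplicates, 1 = duplicates found.
sshd_dup_keywords() {
    file=$1; shift
    [ $# -gt 0 ] || set -- Ciphers MACs
    awk -v want="$*" '
        BEGIN {
            n = split(tolower(want), w, " ")
            for (i = 1; i <= n; i++) watch[w[i]] = 1
        }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            key = tolower($1)                # sshd keywords are case-insensitive
            if (key == "match") exit         # global section ends here (END still runs)
            if (key in watch) {
                count[key]++
                if (count[key] == 1) first[key] = NR ": " $0
                else { dup[key] = 1; later[key] = later[key] "\n  ignored  line " NR ": " $0 }
            }
        }
        END {
            rc = 0
            for (k in dup) {
                printf "%s set %d times\n  effective line %s%s\n", k, count[k], first[k], later[k]
                rc = 1
            }
            exit rc
        }
    ' "$file"
}

# Constructed sample: a second Ciphers line appended after a configuration change.
sshd_dup_demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
Port 22
Ciphers aes128-cbc,3des-cbc
MACs hmac-sha2-256
Ciphers chacha20-poly1305@openssh.com,aes256-ctr
EOF
    rc=0
    sshd_dup_keywords "$tmp" || rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run `sshd_dup_keywords /etc/ssh/sshd_config` on a router to see which line is actually in effect; a non-zero exit status means the file needs cleaning up.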