On 11/27/2017 12:42 PM, Tom Horsley wrote: > The /etc/ssh/sshd_config file on my fedora 27 partition says: > > # To opt out, uncomment a line with redefinition of CRYPTO_POLICY= > # variable in /etc/sysconfig/sshd to overwrite the policy. > # For more information, see manual page for update-crypto-policies(8). > > But there is no CRYPTO_POLICY environment variable setting > in /etc/sysconfig/sshd or in supposed system wide file > /etc/crypto-policies/back-ends/openssh-server.config I see > referenced in the sshd.service definition. It's sorta complex in that sshd is passed "-D $OPTIONS $CRYPTO_POLICY" by systemd when it's started, so if you do: CRYPTO_POLICY= in /etc/sysconfig/sshd, then you disable the system-wide crypto policy for sshd. As far as the default crypto policy, it's in /etc/crypto-policies/back-ends/openssh.config which is (at least on my systems) a symlink to /usr/share/crypto-policies/DEFAULT/openssh.txt Hope that helps. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - Never put off 'til tommorrow what you can forget altogether! - ---------------------------------------------------------------------- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
