Tag Archives: OpenSSH

no matching cipher found: client arcfour server

Control socket connect: Connection refused

sshd -T | grep "\(ciphers\)"
ciphers [email protected]nssh.com,aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc

arcfour is disabled on Centos 7, its weak, but you can enable it to speed rsync or rnaspshopt
vi /etc/ssh/sshd_config
Ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc,arcfour,arcfour128,arcfour256

ssh use multiplexing with rsync

This will increase rsync speed.
vi ~/.ssh/config
host *
controlmaster auto
controlpath /tmp/ssh-controlmaster-%[email protected]%h:%p

ssh [email protected]

In other terminal:
ssh -O check [email protected]
Master running (pid=444444)

#ssh -O stop [email protected]
#ssh -O exit [email protected]

rsync -avz -e ssh /some/path [email protected]:/some/path

multi-factor authentication OpenSSH

sshd(8): Added support for multiple required authentication in SSH
protocol 2 via an AuthenticationMethods option. This option lists
one or more comma-separated lists of authentication method names.
Successful completion of all the methods in any list is required for
authentication to complete. This allows, for example, requiring a
user having to authenticate via public key or GSSAPI before they
are offered password authentication.

I found interesting article about Google authentication http://www.heitorlessa.com/ssh-two-factor-authentication/

Why multi factor authentication important? For example it is very easy to require  both an ssh public key and a password to login.   If you don’t have the public key, you will never see  the password prompt window.