Tag Archives: OpenSSH

no matching cipher found: client arcfour server

Control socket connect: Connection refused

sshd -T | grep "\(ciphers\)"
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc

arcfour is disabled on Centos 7, its weak, but you can enable it to speed rsync or rnaspshopt
vi /etc/ssh/sshd_config
Ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc,arcfour,arcfour128,arcfour256

ssh use multiplexing with rsync

This will increase rsync speed.
vi ~/.ssh/config
host *
controlmaster auto
controlpath /tmp/ssh-controlmaster-%r@%h:%p

ssh user@hostname

In other terminal:
ssh -O check user@hostname
Master running (pid=444444)

#ssh -O stop user@hostname
#ssh -O exit ser@hostname

rsync -avz -e ssh /some/path user@hostname:/some/path

multi-factor authentication OpenSSH

sshd(8): Added support for multiple required authentication in SSH
protocol 2 via an AuthenticationMethods option. This option lists
one or more comma-separated lists of authentication method names.
Successful completion of all the methods in any list is required for
authentication to complete. This allows, for example, requiring a
user having to authenticate via public key or GSSAPI before they
are offered password authentication.

I found interesting article about Google authentication http://www.heitorlessa.com/ssh-two-factor-authentication/

Why multi factor authentication important? For example it is very easy to require  both an ssh public key and a password to login.   If you don’t have the public key, you will never see  the password prompt window.