Blum Blum - 1 month ago 5x
Linux Question

On sshd server how can I see what connection what cipher is using?

I'm administrating a ssh server, serving multiple users. Some asked to be available to use a cipher "arcfour", so I enabled it.

But I am now trying to actually see which connection and user is using it. Is there a way to list the connections with the information about the cipher used in each connection?



You need to set the LogLevel DEBUG in the server sshd_config. Then you should see messages as

debug1: kex: client->server cipher: MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: MAC: <implicit> compression: none [preauth]

Saying what Cipher, MAC and compression is used during the connection.