My team uses Okta Advanced Server Access (ASA) to manage SSH connections. We’re currently going through a compliance push for an upcoming audit and need to adjust the supported cryptographic algorithms for SSH to comply with certain controls. I updated the MACs in our sshd_config and restarted sshd. I confirmed the configuration looked correct with sudo sshd -T. However, when I inspected the handshake using ssh -vv <host>, I saw the server’s list of supported algorithms had not changed.

Is there some component of the ASA server agent that overrides the configured cryptographic algorithms in our sshd_config? Has anyone tried this before?
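
One way to pin down the mismatch described in the post, as an added example that is not part of the original post: compare the MAC list that `sshd -T` reports as effective with the list the server actually offers in the `ssh -vv` handshake. The function names are hypothetical and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# both sample outputs below are constructed.

# MACs that `sshd -T` (read from stdin) reports as effective, one per line.
effective_macs() {
    awk '$1 == "macs" { print $2 }' | tr ',' '\n' | sort -u
}

# MACs the server offered, taken from the "peer server KEXINIT proposal"
# section of `ssh -vv` debug output (read from stdin).
offered_macs() {
    awk '/peer server KEXINIT proposal/  { peer = 1; next }
         /local client KEXINIT proposal/ { peer = 0 }
         peer && /MACs stoc:/            { print $NF; exit }' |
        tr ',' '\n' | sort -u
}

# mac_drift SSHD_T_OUTPUT SSH_VV_OUTPUT: print every MAC on one side only.
mac_drift() {
    cfg=$(printf '%s\n' "$1" | effective_macs)
    wire=$(printf '%s\n' "$2" | offered_macs)
    for m in $wire; do
        printf '%s\n' "$cfg" | grep -qxF -- "$m" || echo "offered-but-not-configured $m"
    done
    for m in $cfg; do
        printf '%s\n' "$wire" | grep -qxF -- "$m" || echo "configured-but-not-offered $m"
    done
}

SAMPLE_SSHD_T='port 22
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com'

SAMPLE_SSH_VV='debug2: local client KEXINIT proposal
debug2: MACs ctos: umac-64-etm@openssh.com,hmac-sha2-256-etm@openssh.com
debug2: MACs stoc: umac-64-etm@openssh.com,hmac-sha2-256-etm@openssh.com
debug2: peer server KEXINIT proposal
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1'

# Live use: mac_drift "$(sudo sshd -T)" "$(ssh -vv <host> exit 2>&1)"
mac_drift "$SAMPLE_SSHD_T" "$SAMPLE_SSH_VV"
```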