Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
263 questions
Increase support/make configurable Azure Bastion https client SSH ciphers
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 3%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Matthew Brown
0
Reputation points
Hello all,
We have an encryption standard that holds chacha20-poly1305@openssh.com as the only cipher that can be used.
I now need to seek a security exception to utilize aes256-ctr as a cipher for SSH in order to support the Azure Bastion https client SSH client.
Is there a feature I'm missing that allows me to configure ciphers for the Azure Bastion https client SSH client? Or is there an ETA on this feature?
Thanks,
Matt
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 81%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Sai Prasanna Sinde (Quadrant Resource LLC) 765 Reputation points Microsoft Vendor2024-10-21T11:11:07.3633333+00:00 Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
- As of now, Azure Bastion primarily supports the ChaCha20-Poly1305 cipher for its HTTPS-based SSH client. Unfortunately, the ability to configure additional ciphers like AES256-CTR for the Azure Bastion SSH client is limited, as Azure Bastion is designed to provide a secure and standardized way of accessing VMs through SSH and RDP.
- If in case the Azure Bastion is critical for your use case but lacks the needed cipher support, consider using a standard SSH server accessible through a VPN or other secure means, which would allow you to configure your desired ciphers.
Kindly let us know if the above helps or you need further assistance on this issue.
Thanks,
Sai Prasanna.
-
Matthew Brown 0 Reputation points
2024-10-21T12:48:57.1766667+00:00 @Sai Prasanna Sinde (Quadrant Resource LLC)
ChaCha20-Poly1305 isn't support. aesctr is supported.
How do I submit a feature request for either client-controlled cipher configuration or support of ChaCha20-Poly1305 ?
Thanks,
Matt
Sign in to comment
Sign in to answer