Comment 1 for bug 2070326

Sam King (sam0090) wrote :

It sounds like you're encountering difficulties in disabling the ChaCha20-Poly1305 encryption cipher to mitigate the Terrapin SSH attack. Your approach to modify the SSH configuration files and restart the SSH daemon seems correct. Here are a few additional steps and considerations based on your report:

Steps to Reproduce:

Edit /etc/ssh/sshd_config.d/anti-terrapin-attack.conf to include Ciphers -<email address hidden>.
Edit /etc/ssh/ssh_config.d/anti-terrapin-attack.conf similarly.
Restart the SSH daemon using systemctl restart sshd.
Check the available ciphers using ssh -Q cipher.

Expected Behavior:
The ChaCha20-Poly1305 cipher should be disabled and should not appear in the list of available ciphers after the configuration changes and SSH daemon restart.

Actual Behavior:
Despite making the changes and restarting SSH, the ChaCha20-Poly1305 cipher continues to be listed among the available ciphers.

Additional Information:

Could you please provide the operating system version and SSH version you are using?
It would also be helpful to see the output of ssh -Q cipher before and after making the configuration changes.
Any relevant logs or error messages from /var/log/auth.log or SSH logs might provide clues.

Resolution Attempted:
You've already tried editing the SSH configuration files and restarting the SSH daemon, which is the correct approach.

Impact:
The persistence of the ChaCha20-Poly1305 cipher poses a security risk, leaving the system vulnerable to the Terrapin SSH attack.

Next Steps:

Investigate if there are additional steps or configuration parameters needed to effectively disable the cipher.
Consider consulting SSH documentation or community forums for insights into similar issues reported by others.
If you have any updates or further details, please share them. We're here to help troubleshoot and find a resolution.

Best regards,
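As an added example that is not part of the bug report or of the comment above: the comment's verification step relies on `ssh -Q cipher`, but that command enumerates every cipher the OpenSSH binary was built with, independent of any configuration file, so the cipher will always appear there. The effective server list comes from `sshd -T` (config dump mode, normally run as root) and the effective client list from `ssh -G <host>`. The script below checks those dumps for `chacha20-poly1305@openssh.com` (the OpenSSH identifier for the ChaCha20-Poly1305 cipher the comment discusses). The two sample dumps are constructed for offline demonstration and follow the `sshd -T` output format; the `--live` flag, the function names and the file name are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the bug report. Verifies whether
# chacha20-poly1305@openssh.com is still in the *effective* OpenSSH
# cipher list, which is what matters for Terrapin mitigation.
#
# ssh -Q cipher  -> ciphers compiled into the binary (config is ignored)
# sshd -T        -> effective server configuration after Include/Match handling
# ssh -G <host>  -> effective client configuration for that host

CIPHER='chacha20-poly1305@openssh.com'

# chacha_enabled DUMP
# Returns 0 if the given sshd -T / ssh -G dump still lists the cipher,
# 1 otherwise. Keywords in these dumps are lowercased, so match "ciphers".
chacha_enabled() {
    printf '%s\n' "$1" \
        | awk '$1 == "ciphers" { print $2 }' \
        | tr ',' '\n' \
        | grep -qxF "$CIPHER"
}

# Checks the running host's sshd. Needs root because sshd -T reads host keys.
check_live_sshd() {
    dump=$(sshd -T 2>/dev/null) || { echo "sshd -T failed (run as root?)" >&2; return 2; }
    if chacha_enabled "$dump"; then
        echo "server: $CIPHER is STILL enabled in the effective sshd config"
        return 1
    fi
    echo "server: $CIPHER is disabled"
    return 0
}

# Checks the client-side configuration that would be used for HOST (default localhost).
check_live_ssh_client() {
    host=${1:-localhost}
    dump=$(ssh -G "$host" 2>/dev/null) || { echo "ssh -G $host failed" >&2; return 2; }
    if chacha_enabled "$dump"; then
        echo "client: $CIPHER is STILL enabled for $host"
        return 1
    fi
    echo "client: $CIPHER is disabled for $host"
    return 0
}

# Constructed sample dumps (shape of sshd -T output; not captured from a real host).
# Default OpenSSH cipher list: chacha20 is first.
SAMPLE_DEFAULT='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com'

# What the dump should look like once "Ciphers -chacha20-poly1305@openssh.com"
# has been picked up (the leading "-" removes the cipher from the default set).
SAMPLE_FIXED='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com'

# Usage: sh check_terrapin_cipher.sh --live [host]
# Without --live the script only defines the functions and sample data.
if [ "${1:-}" = "--live" ]; then
    check_live_sshd
    check_live_ssh_client "${2:-localhost}"
fi
```

If `sshd -T` still shows the cipher after the drop-in file was added, the usual reason is ordering: OpenSSH keeps the first value it sees for a keyword, so the `Ciphers` line in the drop-in only takes effect if the `Include /etc/ssh/sshd_config.d/*.conf` directive comes before any other `Ciphers` line in `/etc/ssh/sshd_config` (Ubuntu places that Include at the top of the shipped file; treat that as an assumption to verify on your release). `sshd -T` also honours `-C` to test a specific `Match` context, and `ssh -G` shows what a client session would negotiate, which `ssh -Q` cannot tell you.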