Specify the ciphers allowed for SSH protocol version 2. Multiple ciphers must be comma-separated. If the specified value begins with a '+' character, then the specified ciphers will be appended to the default set instead of replacing them.
The supported ciphers are: 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,[email protected]
The default ciphers are: [email protected],aes128-ctr,aes192-ctr,aes256-ctr
Note that the previous sshd uses aes128-ctr as the initial cipher, which will be less secure yet faster for the SSO. So you can move chacha20-poly1305@openssh after aes128-ctr if you feel delay in SSO for this version of Centrify OpenSSH
This policy modifies the Ciphers setting in the Centrify OpenSSH configuration file.