Author - Navneet Kashyap

How to Disable Weak SHA1 Algorithms for sshd in Linux

It is recommended that you have a fresh backup of your configuration before attempting to disable weak SHA1 algorithms in Red Hat Linux:

1. It is recommended that the current sshd_config file be backed up as follows:
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bck

2. Edit /etc/ssh/sshd_config:
# vi /etc/ssh/sshd_config

3. You will need to locate the following block:
# This example illustrates how settings can be overridden per user

Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1

4. In this block, the content should be changed as follows:
# This example illustrates how settings can be overridden per user

Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

5. Save the file with the :wq command and restart SSH:
# systemctl restart sshd
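
A check to run before and after the change, as an added example that is not part of the original post: the function below lists every SHA1-based entry found in Ciphers, MACs or KexAlgorithms lines. The function names and the BEFORE/AFTER variables are assumptions of this example; the sample input is constructed from the blocks shown in steps 3 and 4.

```shell
#!/bin/sh
# Added example (not from the original post). Function and variable names are
# assumptions of this example.

# Read sshd_config-style lines on stdin and print "keyword algorithm" for every
# SHA1-based entry in a Ciphers, MACs or KexAlgorithms list.
find_sha1_algos() {
    awk '{
        key = tolower($1)                 # sshd keywords are case-insensitive
        if (key != "ciphers" && key != "macs" && key != "kexalgorithms")
            next                          # also skips comments and blank lines
        list = $2
        if (list ~ /^-/) next             # "-list" removes algorithms: nothing enabled
        sub(/^[+^]/, "", list)            # "+list" / "^list" add to the defaults
        n = split(list, algos, ",")
        for (i = 1; i <= n; i++)
            if (algos[i] ~ /sha1/)        # hmac-sha1*, diffie-hellman-*-sha1
                print key, algos[i]
    }'
}

# Succeed only when the configuration on stdin enables no SHA1-based algorithm.
sha1_free() {
    [ -z "$(find_sha1_algos)" ]
}

# Constructed sample input: the block from step 3 (before the change).
BEFORE='Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1'

# Constructed sample input: the block from step 4 (after the change).
AFTER='Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256'

echo "step 3 block:"
printf '%s\n' "$BEFORE" | find_sha1_algos
if printf '%s\n' "$AFTER" | sha1_free; then
    echo "step 4 block: no SHA1-based algorithms"
fi
```

On a live host, `sshd -t` validates the edited file before the restart in step 5, and `sshd -T | find_sha1_algos` (run as root) checks the effective configuration, including defaults that the file does not list.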

 
