Author - Navneet Kashyap Post Views - 38 views

In Linux, how to Disable the Weak SHA1 Algorithm for SSHDs

It is recommended that you have a fresh backup of your configuration before attempting to disable weak sha1 ciphers in RedHat Linux:

1. It is recommended that the current sshd_config file be backed up as follows:
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bck

2. edit /etc/ssh/sshd_config
# vi /etc/ssh/sshd_config

3. You will need to locate the following block:
# Using this example, one can see how settings can be overridden by each individual

Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1

4. In this block, the content should be changed as follows:
# This example illustrates how settings can be overridden per user

Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs
hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
kexalgorithms
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

5. Save the file with the :wq command and restart SSH:
# systemctl restart sshd

 

Leave a Reply

Your email address will not be published. Required fields are marked *

fiteesports.com rivierarw.com cratosroyalbet betwoon grandpashabet grandpashabet giriş deneme bonusu veren siteler casino siteleri