I am running CentOS 7.9 (server edition)
I have been searching online for some help on how to disable weak ssh cypher. However, I do not seem to be able to fix the issue. Qualys scans keeps reporting weak cipher in ssh service. I followed some recommendations (i.e: https://www.thegeekdiary.com/how-to-disable-weak-cipher-and-insecure-hmac-algorithms-in-ssh-services-for-centos-rhel-6-and-7/) online without any luck.
Here is what my /etc/ssh/sshd_config looks like
# Addresses Qualys QID 38739 Deprecated SSH Cryptographic Settings (CentOS 6) ## Changed this line: ##ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,cast128-cbc,aes192-cbc,aes256-cbc,[email protected] ## to this line: ciphers aes128-ctr,aes192-ctr,aes256-ctr
Thank you for your help.
1 Answer
Step 1:
Go to below directory and uncomment the below line
Vi /etc/sysconfig/sshd
Uncomment
CRYPTO_POLICY=
Step 2:
Go to the below directories and append the below lines at the end of file
vi /etc/ssh/sshd_config
KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
Step 3:
systemctl restart sshd
3ncG1vNJzZmirpJawrLvVnqmfpJ%2Bse6S7zGiorp2jqbawutJobmpqYWiDeIKOoaawZaSkeqW10pqZpZ1drLKit4ysqqFlk569qbHRZqCnZZOau7W70mZu