How to disable weak SSH cipher in CentOS 7

I am running CentOS 7.9 (server edition)

I have been searching online for some help on how to disable weak ssh cypher. However, I do not seem to be able to fix the issue. Qualys scans keeps reporting weak cipher in ssh service. I followed some recommendations (i.e: ) online without any luck.

Here is what my /etc/ssh/sshd_config looks like

 # Addresses Qualys QID 38739 Deprecated SSH Cryptographic Settings (CentOS 6) ## Changed this line: ##ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,cast128-cbc,aes192-cbc,aes256-cbc,[email protected] ## to this line: ciphers aes128-ctr,aes192-ctr,aes256-ctr 

Thank you for your help.

1 Answer

Step 1:

Go to below directory and uncomment the below line

Vi /etc/sysconfig/sshd

Uncomment

CRYPTO_POLICY=

Step 2:

Go to the below directories and append the below lines at the end of file

vi /etc/ssh/sshd_config

KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr

MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]

Step 3:

systemctl restart sshd

3

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.

You Might Also Like