I am running CentOS 7.9 (server edition)

I have been searching online for some help on how to disable weak SSH ciphers. However, I do not seem to be able to fix the issue. Qualys scans keep reporting weak ciphers in the SSH service. I followed some recommendations (i.e: ) online without any luck.

Here is what my /etc/ssh/sshd_config looks like


# Addresses Qualys QID 38739 Deprecated SSH Cryptographic Settings (CentOS 6)
## Changed this line:
##ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,cast128-cbc,aes192-cbc,aes256-cbc,[email protected]
## to this line:
ciphers aes128-ctr,aes192-ctr,aes256-ctr

Thank you for your help.

Step 1:

Go to the below directory and uncomment the below line

vi /etc/sysconfig/sshd

Uncomment

CRYPTO_POLICY=

Step 2:

Go to the below directories and append the below lines at the end of the file

vi /etc/ssh/sshd_config

KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256

Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr

MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]

Step 3:

systemctl restart sshd

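To confirm which algorithms sshd will actually offer after an edit like the ones above, this added example (not part of the original question or answer) parses `sshd -T`-style output and flags weak entries. The function names, the list of patterns treated as weak and the sample inputs are assumptions of the example.

```sh
#!/bin/sh
# Added example: report weak algorithms in the *effective* sshd configuration.
# Real use, as root:   sshd -T | audit_sshd_algos
# The "weak" patterns below are this example's assumption; align them with
# whatever your scanner reports.

is_weak() {  # $1 = directive (lower case), $2 = algorithm name
    case "$1:$2" in
        ciphers:*-cbc|ciphers:*-cbc@*|ciphers:arcfour*) return 0 ;;
        macs:hmac-md5*|macs:*-96|macs:*-96-etm@*|macs:umac-64*) return 0 ;;
        kexalgorithms:*-sha1) return 0 ;;
    esac
    return 1
}

# Reads `sshd -T`-style lines ("keyword value") on stdin, prints one
# "WEAK <directive> <algorithm>" line per hit, returns 1 if any were found.
audit_sshd_algos() {
    rc=0
    while read -r key value; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case "$key" in
            ciphers|macs|kexalgorithms) ;;
            *) continue ;;
        esac
        old_ifs=$IFS; IFS=,            # split the comma-separated list
        for algo in $value; do
            if is_weak "$key" "$algo"; then
                echo "WEAK $key $algo"
                rc=1
            fi
        done
        IFS=$old_ifs
    done
    return "$rc"
}

# Constructed samples (not captured from a real host).
SAMPLE_BEFORE='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,cast128-cbc,aes192-cbc,aes256-cbc
macs hmac-sha2-256,hmac-md5'
SAMPLE_AFTER='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr
macs hmac-sha2-512,hmac-sha2-256'

printf '%s\n' "$SAMPLE_BEFORE" | audit_sshd_algos || echo "weak algorithms still offered"
printf '%s\n' "$SAMPLE_AFTER"  | audit_sshd_algos && echo "no weak algorithms found"
```

If the output of `sshd -T` still lists a CBC cipher after editing `/etc/ssh/sshd_config`, the edited line is not the one in effect or the running daemon has not been restarted.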
