latuminggi · April 16, 2025 13:37
diff --git a/Disable weak SSH ciphers in Linux b/Disable weak SSH ciphers in Linux
 ### Disable weak SSH ciphers in Linux ###

 # check ssh ciphers, macs, and kexalgorithms
 sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"

 # edit sshd_config
 nano /etc/ssh/sshd_config

 # add following conf lines into most bottom of sshd_config file
 Ciphers [email protected],[email protected],aes256-ctr,aes128-ctr
 MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-sha1
 KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

 # or use these following lines
 Ciphers aes256-ctr,aes128-ctr
 MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1
 KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

 # restart ssh
 service ssh restart
	### Disable weak SSH ciphers in Linux ###

	# check ssh ciphers, macs, and kexalgorithms
	sshd -T \| grep "\(ciphers\\|macs\\|kexalgorithms\)"

	# edit sshd_config
	nano /etc/ssh/sshd_config

	# add following conf lines into most bottom of sshd_config file
	Ciphers [email protected],[email protected],aes256-ctr,aes128-ctr
	MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-sha1
	KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

	# or use these following lines
	Ciphers aes256-ctr,aes128-ctr
	MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1
	KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

	# restart ssh
	service ssh restart