enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS
Joseph S. Testa II
jtesta at positronsecurity.com
Fri Jan 26 02:07:50 AEDT 2024
Hi Kaushal,
I maintain a set of SSH hardening guides for various platforms,
including RHEL 8. You can find them here:
https://ssh-audit.com/hardening_guides.html
- Joe
--
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security
On Thu, 2024-01-25 at 18:39 +0530, Kaushal Shriyan wrote:
> Hi,
>
> I am running the below servers on Red Hat Enterprise Linux release 8.7
> (Ootpa). The details are as follows.
>
> # rpm -qa | grep openssh
> openssh-8.0p1-16.el8.x86_64
> openssh-askpass-8.0p1-16.el8.x86_64
> openssh-server-8.0p1-16.el8.x86_64
> openssh-clients-8.0p1-16.el8.x86_64
>
> # cat /etc/redhat-release
> Red Hat Enterprise Linux release 8.7 (Ootpa)
> #
>
> How do I enable strong KexAlgorithms, Ciphers and MACs in
> /etc/ssh/sshd_config file as per the above ssh server version? For
> example, as per below setting.
>
> KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
> MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
>
> Please guide me.
>
> Thanks in advance.
>
> Best Regards,
>
> Kaushal