Hi Kaushal, I maintain a set of SSH hardening guides for various platforms, including RHEL 8. You can find them here: https://ssh-audit.com/hardening_guides.html - Joe -- Joseph S. Testa II Founder & Principal Security Consultant Positron Security On Thu, 2024-01-25 at 18:39 +0530, Kaushal Shriyan wrote: > Hi, > > I am running the below servers on Red Hat Enterprise Linux release > 8.7 > (Ootpa). The details are as follows. > > # rpm -qa | grep openssh > openssh-8.0p1-16.el8.x86_64 > openssh-askpass-8.0p1-16.el8.x86_64 > openssh-server-8.0p1-16.el8.x86_64 > openssh-clients-8.0p1-16.el8.x86_64 > > # cat /etc/redhat-release > Red Hat Enterprise Linux release 8.7 (Ootpa) > # > > How do I enable strong KexAlgorithms, Ciphers and MACs in > /etc/ssh/sshd_config file as per the above ssh server version. For > example > as per below setting. > > KexAlgorithms > ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie- > hellman-group-exchange-sha256 > Ciphers chacha20-poly1305@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx, > aes128-gcm@xxxxxxxxxxx,aes256-ctr,aes192-ctr,aes128-ctr > MACs hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx, > umac-128-etm@xxxxxxxxxxx,hmac-sha2-512,hmac-sha2-256, > umac-128@xxxxxxxxxxx > > Please guide me. > > Thanks in advance. > > Best Regards, > > Kaushal > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
