Re: enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS

Hi Kaushal,

   I maintain a set of SSH hardening guides for various platforms,
including RHEL 8.  You can find them here: 
https://ssh-audit.com/hardening_guides.html

   - Joe

-- 
Joseph S. Testa II
Founder & Principal Security Consultant
Positron Security

On Thu, 2024-01-25 at 18:39 +0530, Kaushal Shriyan wrote:
> Hi,
> 
> I am running the below servers on Red Hat Enterprise Linux release 8.7
> (Ootpa). The details are as follows.
> 
> # rpm -qa | grep openssh
> openssh-8.0p1-16.el8.x86_64
> openssh-askpass-8.0p1-16.el8.x86_64
> openssh-server-8.0p1-16.el8.x86_64
> openssh-clients-8.0p1-16.el8.x86_64
> 
> # cat /etc/redhat-release
> Red Hat Enterprise Linux release 8.7 (Ootpa)
> #
> 
> How do I enable strong KexAlgorithms, Ciphers and MACs in the
> /etc/ssh/sshd_config file as per the above ssh server version? For
> example, as per the below settings.
> 
> KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
> Ciphers chacha20-poly1305@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx,aes128-gcm@xxxxxxxxxxx,aes256-ctr,aes192-ctr,aes128-ctr
> MACs hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-512,hmac-sha2-256,umac-128@xxxxxxxxxxx
> 
> Please guide me.
> 
> Thanks in advance.
> 
> Best Regards,
> 
> Kaushal
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

