Re: enable strong KexAlgorithms, Ciphers and MACs in /etc/ssh/sshd_config file on RHEL 8.x Linux OS


 



BTW, based on your output it looks like the DEFAULT policy is just fine.
If you really want to turn etm HMAC and chacha20 off, you should follow the RHEL security alert

https://access.redhat.com/security/cve/cve-2023-48795

    cipher@SSH = -CHACHA20-POLY1305
    ssh_etm = 0

by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting the openssh server.

However I would NOT do that (since those ciphers are the modern alternatives),
and instead update to openssh-server-8.0p1-15.el8_6.3.x86_64.rpm
(see https://access.redhat.com/errata/RHSA-2024:0429)

Gruss
Bernd
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
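
A check that could be run after applying the subpolicy described in the message above (an added example, not part of the original post and not OpenSSH or Red Hat code): it scans `sshd -T`-style output for the algorithms the two `.pmod` lines are meant to remove. The function names and the sample dumps are constructed for illustration, and it assumes the dump was produced with the same options the running daemon is started with.

```shell
#!/bin/sh
# Added example: report chacha20-poly1305 ciphers and EtM MACs that an
# sshd configuration dump still offers. Names here are hypothetical.

# terrapin_algos: reads "sshd -T"-style lines on stdin ("ciphers a,b,c",
# "macs x,y,z") and prints one line per algorithm that the
# CVE-2023-48795 subpolicy from the message is meant to disable.
terrapin_algos() {
    awk '
        $1 == "ciphers" || $1 == "macs" {
            n = split($2, a, ",")
            for (i = 1; i <= n; i++) {
                if ($1 == "ciphers" && a[i] ~ /^chacha20-poly1305/)
                    print "cipher " a[i]
                if ($1 == "macs" && a[i] ~ /-etm@openssh\.com$/)
                    print "mac " a[i]
            }
        }'
}

# check_sshd_output: returns 0 when none of those algorithms are offered,
# 1 (listing each one) when any is still present.
check_sshd_output() {
    found=$(terrapin_algos)
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/still offered: /'
        return 1
    fi
    echo "chacha20-poly1305 and EtM MACs are not offered"
    return 0
}

# Constructed sample dumps (not captured from a real host).
SAMPLE_DEFAULT='port 22
ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha2-512'
SAMPLE_SUBPOLICY='port 22
ciphers aes256-gcm@openssh.com,aes256-ctr
macs hmac-sha2-256,hmac-sha2-512'

# Live use, as root: pass --live to check the local sshd configuration.
if [ "${1:-}" = "--live" ]; then
    sshd -T | check_sshd_output
fi
```
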


