• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • VCS
  • Interview Questions
  • Database
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How To Disable MD5-based HMAC Algorithm’s for SSH

by admin

This is a short post on how to disable MD5-based HMAC algorithm’s for ssh on Linux.

1. Make sure you have updated openssh package to latest available version.

2. To change the ciphers/md5 in use requires modifying sshd_config file, you can append Ciphers & MACs with options as per the man page. For example:

# vi /etc/ssh/sshd_config
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com

From the man page of sshd_config:

# man sshd_config

     Ciphers
             Specifies the ciphers allowed for protocol version 2.  Multiple ciphers must be comma-separated.  The supported ciphers are
             “3des-cbc”, “aes128-cbc”, “aes192-cbc”, “aes256-cbc”, “aes128-ctr”, “aes192-ctr”, “aes256-ctr”, “arcfour128”, “arcfour256”,
             “arcfour”, “blowfish-cbc”, “rijndael-cbc@lysator.liu.se”, and “cast128-cbc”.  The default is:

                aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
                aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

     MACs    Specifies the available MAC (message authentication code) algorithms.  The MAC algorithm is used in protocol version 2 for data
             integrity protection.  Multiple algorithms must be comma-separated.  The default is:

                   hmac-md5,hmac-sha1,umac-64@openssh.com,
                   hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
                   hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com

3. Restart the sshd service.

# service sshd restart       ### For CentOS/RHEL 6
# systemctl restart sshd     ### For CentOS/RHEL 7

Filed Under: Linux

Some more articles you might also be interested in …

  1. nmcli radio Command Examples in Linux
  2. hashcat: command not found
  3. jetifier Command Examples
  4. Images preview with ngx_http_image_filter_module
  5. virsh Command Examples in Linux
  6. btrfs property Command Examples in Linux
  7. “docker cp” Command Examples
  8. CentOS / RHEL 6 : How to completely remove device mapper multipath (dm-multipath)
  9. spectre-meltdown-checker: command not found
  10. nmap: command not found

You May Also Like

Primary Sidebar

Recent Posts

  • Vanilla OS 2 Released: A New Era for Linux Enthusiasts
  • mk Command Examples
  • mixxx Command Examples
  • mix Command Examples

© 2025 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright