• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How To Disable MD5-based HMAC Algorithm’s for SSH

By admin

This is a short post on how to disable MD5-based HMAC algorithm’s for ssh on Linux.

1. Make sure you have updated openssh package to latest available version.

2. To change the ciphers/md5 in use requires modifying sshd_config file, you can append Ciphers & MACs with options as per the man page. For example:

# vi /etc/ssh/sshd_config
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com

From the man page of sshd_config:

# man sshd_config

     Ciphers
             Specifies the ciphers allowed for protocol version 2.  Multiple ciphers must be comma-separated.  The supported ciphers are
             “3des-cbc”, “aes128-cbc”, “aes192-cbc”, “aes256-cbc”, “aes128-ctr”, “aes192-ctr”, “aes256-ctr”, “arcfour128”, “arcfour256”,
             “arcfour”, “blowfish-cbc”, “rijndael-cbc@lysator.liu.se”, and “cast128-cbc”.  The default is:

                aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
                aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

     MACs    Specifies the available MAC (message authentication code) algorithms.  The MAC algorithm is used in protocol version 2 for data
             integrity protection.  Multiple algorithms must be comma-separated.  The default is:

                   hmac-md5,hmac-sha1,umac-64@openssh.com,
                   hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
                   hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com

3. Restart the sshd service.

# service sshd restart       ### For CentOS/RHEL 6
# systemctl restart sshd     ### For CentOS/RHEL 7

Filed Under: Linux

Some more articles you might also be interested in …

  1. How to Configure Existing Lvm Volume Group to Use DM-Multipath
  2. Running repairs on XFS Filesystems
  3. How to Install NTP Service and Client in CentOS/RHEL 8
  4. How to change the PATH variable in Linux
  5. How to clean YUM cache in CentOS / RHEL
  6. How to enable the automatic extension for a thin LVM volume
  7. Linux OS Service ‘xendomains’
  8. Basic Master Cups Server and Clients Configuration for Browsing in CentOS/RHEL 7
  9. How to add words to the dictionary cracklib uses for validating passwords against known dictionary words
  10. Understanding linux fdisk utility

You May Also Like

Primary Sidebar

Recent Posts

  • CentOS/RHEL 8: “ACPI MEMORY OR I/O RESET_REG” Server Hung after reboot
  • How to Create a Physical Standby Database by Using SQL and RMAN Commands
  • Basics of client connectivity in Oracle Data Guard configuration
  • ORA-354 ORA-353 and ORA-312: Possible corruption in Online Redo Log File Members in a Redo Log Group
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary