• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How To Disable MD5-based HMAC Algorithm’s for SSH

By admin

This is a short post on how to disable MD5-based HMAC algorithm’s for ssh on Linux.

1. Make sure you have updated openssh package to latest available version.

2. To change the ciphers/md5 in use requires modifying sshd_config file, you can append Ciphers & MACs with options as per the man page. For example:

# vi /etc/ssh/sshd_config
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com

From the man page of sshd_config:

# man sshd_config

     Ciphers
             Specifies the ciphers allowed for protocol version 2.  Multiple ciphers must be comma-separated.  The supported ciphers are
             “3des-cbc”, “aes128-cbc”, “aes192-cbc”, “aes256-cbc”, “aes128-ctr”, “aes192-ctr”, “aes256-ctr”, “arcfour128”, “arcfour256”,
             “arcfour”, “blowfish-cbc”, “rijndael-cbc@lysator.liu.se”, and “cast128-cbc”.  The default is:

                aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
                aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

     MACs    Specifies the available MAC (message authentication code) algorithms.  The MAC algorithm is used in protocol version 2 for data
             integrity protection.  Multiple algorithms must be comma-separated.  The default is:

                   hmac-md5,hmac-sha1,umac-64@openssh.com,
                   hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
                   hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com

3. Restart the sshd service.

# service sshd restart       ### For CentOS/RHEL 6
# systemctl restart sshd     ### For CentOS/RHEL 7

Filed Under: Linux

Some more articles you might also be interested in …

  1. CentOS / RHEL : How to disable root login or root access on a system
  2. Unable to Start RDMA Services on CentOS/RHEL 7
  3. How to enable/disable SELinux Modes in RHEL/CentOS
  4. The System Continuously Displayed the Error Message from the “avahi-demon” in /var/log/messages
  5. What are Reserved User Accounts in MySQL
  6. How to Change Timezone from CST To EST in CentOS/RHEL 7 Server
  7. How to disable avahi-daemon service in CentOS/RHEL
  8. Unmounting a Windows Share Fails in Linux
  9. CentOS/RHEL 6 Kernel Panic – “Out of memory” kernel parameter panic_on_oom is enabled
  10. How to Configure Logical Volume Manager for Cluster File System

You May Also Like

Primary Sidebar

Recent Posts

  • Oracle Database – Configuring Secure Application Roles
  • Extend rule sets by using factors in Oracle Database Vault
  • What are Command Rules in oracle Database
  • Using Rule Sets in Oracle Database Vault
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary