
Hardening SSH Server on CentOS or RHEL 6 & 7

This article is a quick note on how to improve OpenSSH server security on Red Hat Enterprise Linux and CentOS 6 and 7. It is not about passwords versus keys (use keys, not passwords) but about the ciphers, message authentication codes (MACs) and key exchange algorithms the server is allowed to negotiate.

Add the following to /etc/ssh/sshd_config so that weaker algorithms are never negotiated:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,[email protected]
KexAlgorithms diffie-hellman-group-exchange-sha256
HostKey /etc/ssh/ssh_host_rsa_key
RSAAuthentication yes
# DSAAuthentication no # Disabling this will disable other things too.

Make sure to do this safely. In my experience, setting invalid settings on the OpenSSH server doesn’t kill the current session. But be careful because your server might be different.

The above change requires the SSH server to be restarted.
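To apply the change without locking yourself out, the following script (an added example, not part of the original article) audits a config file for the three algorithm directives above and refuses to restart sshd until `sshd -t` accepts the file. Which tokens count as "weak" is my assumption, not something the article specifies.

```shell
#!/bin/bash
# Audit an sshd_config for the hardening directives above, then apply it safely.
# Added example, not from the original article. The weak-token list is an assumption
# (legacy CBC/arcfour ciphers, MD5/SHA-1 MACs, group1/group14-sha1 key exchange).
set -u

WEAK_TOKENS='(cbc|arcfour|hmac-md5|hmac-sha1|diffie-hellman-group1-sha1|diffie-hellman-group14-sha1)'

# Print the value of a directive (first uncommented match), empty if absent.
get_directive() {  # $1=config file, $2=directive name (case-insensitive, as sshd treats it)
    awk -v d="$2" 'tolower($1)==tolower(d) {print $2; exit}' "$1"
}

# Return 0 only if Ciphers, MACs and KexAlgorithms are all set and contain no weak token.
check_sshd_config() {  # $1=config file
    local f="$1" d v rc=0
    for d in Ciphers MACs KexAlgorithms; do
        v=$(get_directive "$f" "$d")
        if [ -z "$v" ]; then
            echo "MISSING: $d not set (sshd will fall back to its defaults)" >&2; rc=1
        elif printf '%s\n' "$v" | tr ',' '\n' | grep -Eq "$WEAK_TOKENS"; then
            echo "WEAK: $d contains a legacy algorithm: $v" >&2; rc=1
        fi
    done
    return $rc
}

# Let sshd validate the file before restarting, so a typo cannot take the service down.
# Keep your current session open and confirm a fresh login works before closing it.
safe_restart() {  # $1=config file (default /etc/ssh/sshd_config)
    local f="${1:-/etc/ssh/sshd_config}"
    check_sshd_config "$f" || return 1
    /usr/sbin/sshd -t -f "$f" || return 1          # -t: test mode, prints config errors
    if command -v systemctl >/dev/null 2>&1; then
        systemctl restart sshd                      # CentOS/RHEL 7
    else
        service sshd restart                        # CentOS/RHEL 6
    fi
}
```

Run `check_sshd_config /etc/ssh/sshd_config` first to see what would be flagged; `safe_restart` needs root and a real sshd binary.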
