Oracle Linux: How to Disable CBC Ciphers in SSHd server on Oracle Linux 8/9
Applies to:
Oracle Cloud Infrastructure - Version N/A and later
Linux x86-64
Oracle Linux 8 – Oracle Linux 9.
Goal:
Disable CBC ciphers in the OpenSSH server on Oracle Linux 8 and Oracle Linux 9.
Solution:
Perform the following steps as the root user:
1) Create the DISABLE-CBC.pmod sub-policy file with the following content:
# vi /etc/crypto-policies/policies/modules/DISABLE-CBC.pmod
cipher@ssh = -AES-192-CBC -AES-128-CBC -AES-256-CBC -3DES-CBC
cipher = -AES-128-CBC -AES-192-CBC -AES-256-CBC -3DES-CBC
mac = HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512
hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512
2) Check the current policy:
# update-crypto-policies --show
DEFAULT
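To confirm the result once the sub-policy is in effect, the check below (an added example, not part of the original article) parses the effective configuration printed by `sshd -T` and lists any CBC ciphers the server still offers. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report CBC ciphers still offered by sshd.
# Live use (as root):  sshd -T | check_no_cbc

# Read `sshd -T` text on stdin; print one CBC cipher per line, nothing if none.
list_cbc_ciphers() {
    awk '
        # sshd -T prints keywords in lower case: "ciphers a,b,c"
        tolower($1) == "ciphers" {
            n = split($2, c, ",")
            for (i = 1; i <= n; i++)
                # matches aes128-cbc, 3des-cbc, rijndael-cbc@lysator.liu.se
                if (c[i] ~ /-cbc$/ || c[i] ~ /-cbc@/) print c[i]
        }'
}

# Read `sshd -T` text on stdin; return 0 if no CBC cipher is enabled, else 1.
check_no_cbc() {
    found=$(list_cbc_ciphers)
    if [ -n "$found" ]; then
        printf 'CBC cipher still enabled: %s\n' $found >&2
        return 1
    fi
    return 0
}

# Constructed sample: effective config before the sub-policy is in effect.
SAMPLE_BEFORE='port 22
ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha2-512'

# Constructed sample: effective config with the CBC ciphers removed.
SAMPLE_AFTER='port 22
ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-ctr
macs hmac-sha2-256,hmac-sha2-512'

# Demonstration on the constructed samples.
for name in BEFORE AFTER; do
    eval "text=\$SAMPLE_$name"
    if printf '%s\n' "$text" | check_no_cbc 2>/dev/null; then
        echo "$name: no CBC ciphers offered"
    else
        echo "$name: CBC ciphers present"
    fi
done
```

The check exits non-zero when any CBC cipher remains, so it can be used as a gate in a configuration-compliance job.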