How To Disable Weak Ciphers such as Cipher Block Chaining (CBC) Ciphers on Oracle Linux
It is possible to limit what ciphers can be used with the ssh service on Linux distributions, and weak ciphers, such as CBC ciphers and the HMAC MD5 algorithms can be disabled.
To disable weak ciphers, such as CBC ciphers and insecure HMAC algorithms, use the following procedures:
Oracle Linux 8 and 9
The list of available ciphers may be obtained using the ssh -Q cipher command:
# ssh -Q cipher
The list of available MAC algorithms may be obtained using the ssh -Q mac command:
# ssh -Q mac
To disable weak ciphers and insecure HMAC algorithms in ssh service in Oracle Linux 8 or 9, follow the instructions below:
0