
How to Remove Weak Ciphers from SSH in Oracle Linux 8 and 9

Applies to:   

Oracle Linux - Version 8 and later 

 

Goal  

Some Ciphers, MACs and KexAlgorithms used by default in the SSHD configuration are considered weak by some security scanners. Most notable are SHA1 signature algorithms and RSA and Diffie-Hellman parameters.

Example output from a security scanner:

  a. Running SSH service * Insecure CBC ciphers in use: aes256-cbc,aes128-cbc 

  b. Running SSH service * Insecure key exchange algorithms in use: diffie-hellman-group-exchange-sha1 

  c. Running SSH service * Insecure MAC algorithms in use: hmac-sha1-etm@openssh.com,hmac-sha1 

This document will explain how to disable them in the system configuration for Oracle Linux 8 and 9. 
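
A local check for the three finding classes in the scanner output above, added here as an example (it is not part of the original Oracle document). It parses the effective configuration printed by `sshd -T`; the function name `find_weak_ssh_algos`, the matching rules (derived from the scanner's example findings) and the sample input are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: report the algorithm classes flagged by the scanner
# (CBC ciphers, SHA1 key exchange, SHA1 MACs) from `sshd -T` style output.

# Reads "directive value" lines on stdin and prints "<directive> <algorithm>"
# for every weak entry found in ciphers, macs and kexalgorithms.
find_weak_ssh_algos() {
    awk '
        { key = tolower($1) }
        key == "ciphers" || key == "macs" || key == "kexalgorithms" {
            n = split($2, algos, ",")
            for (i = 1; i <= n; i++) {
                a = algos[i]
                if (key == "ciphers" && a ~ /-cbc$/)             print key, a
                else if (key == "macs" && a ~ /^hmac-sha1/)      print key, a
                else if (key == "kexalgorithms" && a ~ /-sha1$/) print key, a
            }
        }
    '
}

# Constructed sample of `sshd -T` output (not captured from a real host).
SAMPLE_SSHD_T='port 22
ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1
kexalgorithms curve25519-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1'

# Run against the sample. On a real host, as root: sshd -T | find_weak_ssh_algos
printf '%s\n' "$SAMPLE_SSHD_T" | find_weak_ssh_algos
```

Running the same check again after changing the configuration and restarting sshd confirms whether the flagged algorithms are still offered; empty output means none of the three classes remain.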

Solution 

From the Linux crypto-policies man page: 
