SSH Protocol: Enable protocol version 2
Uncomment Protocol 2 in /etc/ssh/sshd_config as below:
[root@linuxcnf
~]# vi /etc/ssh/sshd_config
….
Protocol
2
…
|
Ciphers:
Add or modify the "Ciphers" line
in /etc/ssh/sshd_config as below:
[root@linuxcnf
~]# vi /etc/ssh/sshd_config
….
Ciphers
aes128-ctr,aes192-ctr,aes256-ctr
…
|
MD5 HMACs:
Add or modify the "MACs" line
in /etc/ssh/sshd_config as below:
[root@linuxcnf
~]# vi /etc/ssh/sshd_config
…
MACs
hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com
…
|
Finally, restart sshd service to apply the changes:
[root@linuxcnf
~]# service sshd restart
Stopping
sshd:
[ OK ]
Starting
sshd:
[ OK ]
[root@linuxcnf
~]#
|
Let’s verify the configuration changes:
[root@linuxcnf
~]#sshd -T |grep ciphers
ciphers
aes128-ctr,aes192-ctr,aes256-ctr
[root@linuxcnf
~]#sshd -T |grep macs
macs
hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com
[root@linuxcnf
~]#
|
That’s
done!!!
SSH remains one of the most critical services exposed on Linux servers, and securing it properly is essential for maintaining confidentiality and integrity. The discussion on secure encryption standards, authentication mechanisms, and vulnerability mitigation makes this article highly relevant for professionals and students exploring Information Security Projects and understanding modern system hardening practices.
ReplyDeleteThe techniques presented here also provide valuable insights into secure remote administration, attack prevention, and defensive strategies used in enterprise environments. These concepts align closely with Cyber Security Projects for Final Year Students, where practical knowledge of vulnerability mitigation and secure system design plays a crucial role.
ReplyDelete