Hardening SSH Server on CentOS or RHEL 6 & 7

This article is a quick note on how to improve OpenSSH server security on Red Hat Enterprise Linux and CentOS 6 and 7. It is not about passwords versus keys (use keys, not passwords) but rather about hashes, encryption and key exchanges.

Add the following to the “/etc/ssh/sshd_config” file to ensure weaker standards are not used.

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com
KexAlgorithms diffie-hellman-group-exchange-sha256
HostKey /etc/ssh/ssh_host_rsa_key
RSAAuthentication yes
# DSAAuthentication no # Disabling this will disable other things too.

Make sure to do this safely. In my experience, setting invalid settings on the OpenSSH server doesn’t kill the current session. But be careful because your server might be different.

The above change requires the SSH server to be restarted.
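
One way to check a config file against the three algorithm lists above before restarting, as an added example that is not part of the original article. The function name `audit_sshd_config`, the finding labels and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the article's algorithm lists.
# Function name, finding labels and sample input are constructed (assumptions).
ALLOW_CIPHERS="aes128-ctr,aes192-ctr,aes256-ctr"
ALLOW_MACS="hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com"
ALLOW_KEX="diffie-hellman-group-exchange-sha256"

# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_sshd_config() {
    awk -v c="$ALLOW_CIPHERS" -v m="$ALLOW_MACS" -v k="$ALLOW_KEX" '
    BEGIN {
        allow["ciphers"] = c; allow["macs"] = m; allow["kexalgorithms"] = k
        n_keys = split("ciphers macs kexalgorithms", order, " ")
    }
    /^[ \t]*#/ || NF < 2 { next }            # skip comments and blank lines
    {
        key = tolower($1)                    # keywords are case-insensitive
        if (!(key in allow) || (key in seen)) next   # sshd uses the first value
        seen[key] = 1
        n = split($2, got, ",")
        for (i = 1; i <= n; i++)
            if (index("," allow[key] ",", "," got[i] ",") == 0) {
                printf "NOT-ALLOWED %s %s\n", key, got[i]; bad = 1
            }
    }
    END {
        # An absent directive means the compiled-in defaults still apply.
        for (j = 1; j <= n_keys; j++)
            if (!(order[j] in seen)) { printf "MISSING %s\n", order[j]; bad = 1 }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample: a CBC cipher and hmac-md5 present, no KexAlgorithms line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed test input
Ciphers aes128-ctr,aes256-ctr,aes128-cbc
macs hmac-sha2-256,hmac-md5
EOF
audit_sshd_config "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

This script only compares algorithm names; running `sshd -t` checks the real file for syntax errors before the restart.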