How to disable RC4 Cipher Algorithms support in SSH Server


RC4 is a stream cipher, remarkable for its simplicity and speed in software. Multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used.

By default, both SSH and Apache allow RC4. However, RC4 can no longer be seen as providing a sufficient level of security for SSH sessions. It has many single-byte biases, which make it easier for remote attackers to conduct plaintext-recovery attacks.

How to disable RC4 Cipher Algorithms

Disabling the RC4 ciphers is easy and takes only a few steps. In SSH, the RC4 ciphers are known as arcfour.

SSH Server

You can disallow the use of these ciphers by modifying the server configuration, as shown below.
– Log in to the server with the root account via SSH
– Edit the /etc/ssh/sshd_config file and add the following line:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc

– Restart the sshd service to make the changes take effect:

service sshd restart
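
To confirm the change took effect, the following added example (not part of the original post) scans an effective sshd configuration dump, as printed by `sshd -T`, for any arcfour cipher. The function names `rc4_ciphers` and `audit` are hypothetical, and both sample dumps are constructed; the "after" sample uses the Ciphers line from the steps above.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample dumps are constructed.

# rc4_ciphers: read an effective sshd configuration dump (`sshd -T` output)
# on stdin and print each enabled RC4 (arcfour*) cipher, one per line.
# Exit status: 0 = none enabled, 1 = RC4 enabled, 2 = no "ciphers" line seen.
rc4_ciphers() {
    awk '
        tolower($1) == "ciphers" && !seen {
            seen = 1
            n = split($2, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] ~ /^arcfour/) { print c[i]; found = 1 }
        }
        END { if (!seen) exit 2; exit (found ? 1 : 0) }
    '
}

# audit: same input, prints a one-line verdict and returns the same status.
audit() {
    found=$(rc4_ciphers) && rc=0 || rc=$?
    case $rc in
        0) echo "OK: no RC4 ciphers enabled" ;;
        1) echo "FAIL: RC4 still enabled:" $found ;;
        *) echo "UNKNOWN: input has no ciphers line" ;;
    esac
    return "$rc"
}

# Constructed samples standing in for `sshd -T` output (not from a real host).
SAMPLE_BEFORE='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,arcfour
macs hmac-sha1'
SAMPLE_AFTER='port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
macs hmac-sha1'

printf '%s\n' "$SAMPLE_BEFORE" | audit || true
printf '%s\n' "$SAMPLE_AFTER" | audit
```

On a live server, run `sshd -T | audit` as root after the restart. Running `sshd -t` before the restart validates the edited file, so a typo in the Ciphers line does not leave the daemon unable to start.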

I hope you found this blog post on How to disable RC4 Cipher Algorithms helpful. Please let me know in the comment section if you have any questions. I welcome you to follow me on Twitter and Facebook.
