How to disable RC4 Cipher Algorithms support in SSH Server

RC4 is a stream cipher known for its simplicity and speed in software. Multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used.

By default, both SSH and Apache allow RC4. However, RC4 can no longer be seen as providing a sufficient level of security for SSH sessions. It has many single-byte biases, which make it easier for remote attackers to conduct plaintext-recovery attacks.

Disabling the RC4 ciphers is easy and takes only a few steps. In SSH, the RC4 ciphers are the ones named arcfour.

You can disallow the use of these ciphers by modifying the configuration as shown below.
– Log in to the server with the root account via SSH
– Edit the /etc/ssh/sshd_config file and add the following line:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc

– Restart the sshd service to make the changes take effect:

service sshd restart
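
To confirm the change, the check below (an added example, not part of the original post) reads sshd_config text or `sshd -T` output and lists any arcfour ciphers that are still enabled. The function names and the sample configurations are constructed for illustration, and it assumes an explicit Ciphers list like the one above.

```sh
#!/bin/sh
# Added example: find RC4 (arcfour*) entries in an sshd cipher list.
# Reads sshd_config text or `sshd -T` output on stdin. Assumes an explicit
# comma-separated list as on this page, not the +/-/^ list modifiers.

# Print the list from the first Ciphers directive, one name per line.
# sshd keeps the first value it obtains for a keyword, so later
# Ciphers lines are ignored here as well. Commented lines never match.
first_cipher_list() {
    awk 'tolower($1) == "ciphers" { print $2; exit }' | tr ',' '\n'
}

# Print any RC4 ciphers found. Exit status: 0 = none, 1 = RC4 enabled,
# 2 = no Ciphers directive, so the server's built-in defaults apply.
check_rc4() {
    list=$(first_cipher_list)
    if [ -z "$list" ]; then
        echo "no Ciphers directive: built-in defaults apply" >&2
        return 2
    fi
    rc4=$(printf '%s\n' "$list" | grep -i '^arcfour' || true)
    [ -z "$rc4" ] && return 0
    printf '%s\n' "$rc4"
    return 1
}

# Constructed sample: first Ciphers line still lists RC4; the second is ignored.
SAMPLE_LEGACY='# Ciphers aes128-ctr
Ciphers aes128-ctr,arcfour256,arcfour128,arcfour
Ciphers aes128-ctr,aes256-ctr'

# The Ciphers line recommended on this page.
SAMPLE_FIXED='Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc'

# Constructed sample: directive commented out, so defaults are in effect.
SAMPLE_DEFAULT='Port 22
#Ciphers aes128-ctr'
```

On the server, run `sshd -t` to validate the edited file before restarting, then `sshd -T | check_rc4` as root to inspect the effective cipher list.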

I hope you found this blog post helpful. If you have any questions, please let me know in the comment section. I welcome you to follow me on Twitter and Facebook.
