February 2020
Intermediate to advanced
666 pages
15h 45m
English
Content preview from Mastering Linux Security and Hardening - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Hands-on lab – disabling weak SSH encryption algorithms – Ubuntu 18.04
For this lab, you'll need the VM that you've been using as a scanner, and another Ubuntu 18.04 VM to scan and configure. Let's get started:
- If you haven't done so already, scan the Ubuntu 18.04 VM and save the output to a file:
sudo ssh_scan -t 192.168.0.7 -o ssh_scan-7.json
- On the target Ubuntu 18.04 VM, open the /etc/ssh/sshd_config file in your preferred text editor. Toward the top of the file, find these two lines:
# Ciphers and keying#RekeyLimit default none
- Beneath those two lines, insert these three lines:
Ciphers -aes128-ctr,aes192-ctr,aes128-gcm@openssh.comKexAlgorithms ecdh-sha2-nistp384MACs -hmac-sha1-etm@openssh.com,hmac-sha1,umac-64-etm@openssh.com,umac-64@openssh.com,umac-128-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256 ...