SSH Weak MAC Algorithms Enabled

Document ID : KB000010489
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

How to disable SSH weak MAC Algorithms

Instructions:

1. login to gateway as root

2. Run the following command sshd -T | egrep '^macs'

3. You should see the output similar to below

macs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

4. Navigate to /etc/ssh/sshd_config

5. Add the following line to sshd_config

MACs hmac-sha1,hmac-ripemd160

6. Run service sshd restart

7. Run the command sshd -T | egrep '^macs' and you should see something similar to below

macs hmac-sha1,hmac-ripemd160