Secure SSH



RHEL 7

RHEL 7.1 uses OpenSSH 6.6.1p1, including curve25519 and chacha20-poly1305.

HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com


RHEL 6

RHEL 6 uses OpenSSH 5.3p1.

Ciphers aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160

Debian 8 / jessie

Debian 8 / jessie uses OpenSSH 6.7p1

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@ope

 
More way to harden SSL:
https://github.com/dev-sec/chef-ssh-hardening
We recommend to visit this page for updates:

https://github.com/stribika/stribika.github.io/wiki/Secure-Secure-Shell
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

SSH public key auth CentOS

How to add your SSH public key to CentOS In this tutorial we are going to add our public key...