How do I disable sshd algorithms?

ssh centos centos7

As far as I know the OpenSHH does support disabling specific key exchange algorithms or ciphers (and those are actually two different things), by prepending the list of algorithms you want disabled with a hyphen/minus -, although more common is setting up explicitly what you do want to allow.

See: https://man.openbsd.org/sshd_config#KexAlgorithms

If KexAlgorithms is currently not set then your server is using the default settings. You could leave the defaults and disable those two offending weak key exchange algorithms with:

# sshd_config
...
KexAlgorithms -diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1

Or you could set the more explicit strong settings such as (which may break backward compatibility with old clients):

# sshd_config
...
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]

Related

How do I Generate a Bearer Token for cURL to Get Thru IAP (GCP)?
SSL certificates apparently confusing different websites
What is the default configuration for logrotate.conf in Ubuntu?
NFS server daemon fails to start at boot
Can I safely connect a USB 2.0/1.1 internal pin block to a USB3.0 motherboard header?
Move Kaspersky Virus Definitions Update to Another Computer
Stack every nth column under neath each other
How to search only the filename for a substring in Windows?
Windows: Changing an External Hard Drive's Drive Letter
Dual-boot Windows 8?
How to partition single drive without losing data in it for Windows 7
Cannot write, format, nor erase flash drive