/etc/ssh/sshd_config
去掉arcfour,arcfour128,arcfour256等弱加密算
最後面一行設置
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
修改完成後執行:
service sshd reload
service sshd start
驗證是否設置成功:ssh -vv -oCiphers=aes128-cbc,3des-cbc,blowfish-cbc 127.0.0.1
或ssh -vv -oMACs=hmac-md5 127.0.0.1
或
nmap --script "ssh2*" 127.0.0.1
*:如果沒有nmap ,可以安裝:yum install nmap
設置前:
設置後:
centos7安裝sshd
yum install -y openssl openssh-server
yum install openssh*
systemctl enable sshd
systemctl start sshd
service sshd start
防火牆打開22端口
sudo firewall-cmd --zone=public --add-port=22/tcp --permanent