Modifying the “sshd_config” file for ConnectPort LTS - Terrapin Fix

The “sshd_config” file is generated when system is booting. 
So you need to copy the modified “sshd_config” file to /usr2 and copy it to /etc/ssh folder using /usr2/rc.user file 
Please follow steps below to disable an older cipher. 

1. Modify /etc/ssh/sshd_config as you want * 
2. Copy /etc/ssh/sshd_config to /usr2/ 
3. Modify /usr2/rc.user as follows, 

#!/bin/bash 
# rc.user : Sample script file for running user programs at boot time 
#PATH=/bin:/usr/bin:/sbin:/usr/sbin 
copy_sshd_config() { 
        sleep 12 
        echo "copy sshd_config" 
        /bin/cp -f /usr2/sshd_config /etc/ssh/sshd_config 
        echo "restart sshd" 
        /etc/init.d/sshd restart 

copy_sshd_config& 
exit 0 
 
4. Reboot the system 

*For the Terrapin (CVE-2023-48795) vulnerability the following must be disabled: 

Ciphers -chacha20-poly1305@openssh.com 
MACs -umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com 

Last updated: Mar 07, 2024

Filed Under

Network

Recently Viewed

No recently viewed articles

Did you find this article helpful?