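The “sshd_config” file is regenerated each time the system boots, so changes made directly to /etc/ssh/sshd_config do not survive a reboot.
To make a change persistent, keep the modified “sshd_config” file in /usr2 and have the /usr2/rc.user script copy it back into the /etc/ssh folder at boot.
Follow the steps below to disable an older cipher.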
1. Modify /etc/ssh/sshd_config as needed *
2. Copy /etc/ssh/sshd_config to /usr2/
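3. Modify /usr2/rc.user as follows:
#!/bin/bash
# rc.user : Sample script file for running user programs at boot time
#PATH=/bin:/usr/bin:/sbin:/usr/sbin

# Replace the boot-generated sshd_config with the saved copy, then restart sshd.
copy_sshd_config() {
    # Delay before overwriting, since the file is generated during boot
    sleep 12
    echo "copy sshd_config"
    /bin/cp -f /usr2/sshd_config /etc/ssh/sshd_config
    echo "restart sshd"
    /etc/init.d/sshd restart
}

# Run in the background so rc.user can exit without waiting for the delay
copy_sshd_config &
exit 0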
4. Reboot the system
* For the Terrapin vulnerability (CVE-2023-48795), the following must be disabled:
Ciphers -chacha20-poly1305@openssh.com
MACs -umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
In sshd_config, the leading “-” removes the listed algorithms from the default set.
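To confirm after the reboot that the change took effect, the effective configuration printed by sshd -T can be checked for the four algorithm names listed above. This is an added example, not part of the original article; the function name terrapin_remaining and the two sample outputs are constructed for illustration.

```shell
#!/bin/bash
# Added example: report which of the algorithms named in this article are
# still enabled, given `sshd -T` output on stdin.
# On the device (assumes sshd is in PATH): sshd -T | terrapin_remaining

AFFECTED="chacha20-poly1305@openssh.com umac-128-etm@openssh.com hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"

# Prints "<keyword>: <algorithm>" for every affected algorithm still offered.
# Returns 1 if at least one is found, 0 if none remain.
terrapin_remaining() {
    found=0
    while read -r key list || [ -n "$key" ]; do
        case "$key" in
            ciphers|macs) ;;      # only these two lines matter here
            *) continue ;;
        esac
        # The value is a comma-separated list; check each name in turn
        for alg in $(printf '%s' "$list" | tr ',' ' '); do
            case " $AFFECTED " in
                *" $alg "*) echo "$key: $alg"; found=1 ;;
            esac
        done
    done
    return "$found"
}

# Constructed sample of `sshd -T` output before the change
SAMPLE_BEFORE='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr
macs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256'

# Constructed sample of `sshd -T` output after the change
SAMPLE_AFTER='port 22
ciphers aes128-ctr,aes256-ctr
macs hmac-sha2-256,hmac-sha2-512'

echo "before:"
printf '%s\n' "$SAMPLE_BEFORE" | terrapin_remaining || true
echo "after:"
printf '%s\n' "$SAMPLE_AFTER" | terrapin_remaining && echo "none remaining"
```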
Last updated:
Mar 07, 2024