search for: hardening_guides

Hi Kaushal, I maintain a set of SSH hardening guides for various platforms, including RHEL 8. You can find them here: https://ssh-audit.com/hardening_guides.html - Joe -- Joseph S. Testa II Founder & Principal Security Consultant Positron Security On Thu, 2024-01-25 at 18:39 +0530, Kaushal Shriyan wrote: > Hi, > > I am running the below servers on Red Hat Enterprise Linux release > 8.7 > (Ootpa). The details are as follows. &...

On 25.01.24 14:09, Kaushal Shriyan wrote: > I am running the below servers on Red Hat Enterprise Linux release 8.7 > How do I enable strong KexAlgorithms, Ciphers and MACs On RHEL 8, you need to be aware that there are "crypto policies" modifying sshd's behaviour, and it would likely be the *preferred* method to inject your intended config changes *there* (unless they

Hi, I am running the below servers on Red Hat Enterprise Linux release 8.7 (Ootpa). The details are as follows. # rpm -qa | grep openssh openssh-8.0p1-16.el8.x86_64 openssh-askpass-8.0p1-16.el8.x86_64 openssh-server-8.0p1-16.el8.x86_64 openssh-clients-8.0p1-16.el8.x86_64 # cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) # How do I enable strong KexAlgorithms, Ciphers and

...fingerprints for server identification; it is insecure for this use case # algorithm recommendations (for OpenSSH 8.0) (rec) -chacha20-poly1305 at openssh.com -- enc algorithm to remove # additional info (nfo) For hardening guides on common OSes, please see: < https://www.ssh-audit.com/hardening_guides.html> #update-crypto-policies --set FIPS # update-crypto-policies --show FIPS #./ssh-audit.py -vvv localhost Starting audit of localhost:22... # general (gen) banner: SSH-2.0-OpenSSH_8.0 (gen) software: OpenSSH 8.0 (gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 20...