CentOS 7 – SSHD Weak Diffie-Hellman / Logjam

Add this line to sshd_config, or replace the existing KexAlgorithms line with it, and remove Diffie-Hellman moduli smaller than 2000 bits from /etc/ssh/moduli:

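# Append with >> (a single > would overwrite the whole sshd_config). sshd uses the first KexAlgorithms line it reads, so edit an existing line in place instead of appending.
echo 'KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256' >> /etc/ssh/sshd_config
# Keep only moduli whose size column ($5) is above 2000; replace the file only if awk succeeded.
awk '$5 > 2000' /etc/ssh/moduli > /etc/ssh/moduli.new && mv /etc/ssh/moduli.new /etc/ssh/moduli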
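
The moduli filter above, as an added example that is not part of the original post: it counts the entries at or below the threshold, refuses to install a filtered file that has no entries left, and shows which KexAlgorithms line takes effect when a config contains more than one. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Count non-comment moduli entries whose size field (column 5) is <= MIN.
count_weak_moduli() {
    awk -v min="${2:-2000}" \
        '!/^#/ && NF >= 7 && $5 + 0 <= min { n++ } END { print n + 0 }' "$1"
}

# Keep comments and entries with size > MIN. The result is written beside
# the original and renamed over it only if at least one entry survives.
filter_moduli() {
    src=$1; min=${2:-2000}
    tmp=$(mktemp "${src}.XXXXXX") || return 1
    awk -v min="$min" '/^#/ || (NF >= 7 && $5 + 0 > min)' "$src" > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    if [ "$(grep -vc '^#' "$tmp")" -eq 0 ]; then
        echo "no entries above $min in $src; file left unchanged" >&2
        rm -f "$tmp"; return 2
    fi
    chmod 644 "$tmp" && mv "$tmp" "$src"
}

# Print the first KexAlgorithms value in a config file (the one sshd uses).
# Match blocks and Include files are not handled.
first_kex() {
    awk 'tolower($1) == "kexalgorithms" { print $2; exit }' "$1"
}

# Constructed sample data: the modulus column is a placeholder, not a real prime.
make_samples() {
    cat > "$1/moduli" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20150101000000 2 6 100 1023 2 C0FFEE01
20150101000001 2 6 100 1535 5 C0FFEE02
20150101000002 2 6 100 2047 2 C0FFEE03
20150101000003 2 6 100 3071 5 C0FFEE04
EOF
    printf '%s\n' 'Port 22' 'KexAlgorithms ecdh-sha2-nistp256' \
        'KexAlgorithms diffie-hellman-group14-sha1' > "$1/sshd_config"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "weak before: $(count_weak_moduli "$demo_dir/moduli")"
filter_moduli "$demo_dir/moduli"
echo "weak after:  $(count_weak_moduli "$demo_dir/moduli")"
echo "effective KexAlgorithms: $(first_kex "$demo_dir/sshd_config")"
rm -rf "$demo_dir"
```

On a live host, `sshd -T` prints the effective kexalgorithms value, and sshd must be restarted for a changed sshd_config to apply.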
