Ini adalah posting singkat tentang cara menonaktifkan algoritma HMAC berbasis MD5 untuk ssh di Linux.
1. Pastikan Anda telah memperbarui paket openssh ke versi terbaru yang tersedia.
2. Untuk mengubah cipher/md5 yang digunakan memerlukan modifikasi file sshd_config, Anda dapat menambahkan Cipher &MAC dengan opsi sesuai halaman manual. Misalnya:
# vi /etc/ssh/sshd_config Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,arcfour MACs hmac-sha1,[email protected],hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,[email protected]
Dari halaman manual sshd_config:
# man sshd_config Ciphers Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. The supported ciphers are “3des-cbc”, “aes128-cbc”, “aes192-cbc”, “aes256-cbc”, “aes128-ctr”, “aes192-ctr”, “aes256-ctr”, “arcfour128”, “arcfour256”, “arcfour”, “blowfish-cbc”, “[email protected]”, and “cast128-cbc”. The default is: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, aes256-cbc,arcfour,[email protected] MACs Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. The default is: hmac-md5,hmac-sha1,[email protected], hmac-ripemd160,hmac-sha1-96,hmac-md5-96, hmac-sha2-256,hmac-sha2-512,[email protected]
3. Mulai ulang layanan sshd.
# service sshd restart ### For CentOS/RHEL 6 # systemctl restart sshd ### For CentOS/RHEL 7