/etc/ssh/sshd_config
去掉arcfour,arcfour128,arcfour256等弱加密算
最后面一行设置
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],[email protected]
修改完成后执行:
service sshd reload
service sshd start
验证是否设置成功:ssh -vv -oCiphers=aes128-cbc,3des-cbc,blowfish-cbc 127.0.0.1
或
ssh -vv -oMACs=hmac-md5 127.0.0.1
或
nmap --script "ssh2*" 127.0.0.1
*:如果没有
nmap ,可以安装:yum install nmap
设置前:
设置后:
centos7安装sshd
yum install -y openssl openssh-server
yum install openssh*
systemctl enable sshd
systemctl start sshd
service sshd start
防火墙打开22端口
sudo firewall-cmd --zone=public --add-port=22/tcp --permanent