- # Configuring sshd by editing /etc/ssh/sshd_config to minimize the potential for break-ins that exploit weak passwords and weak cryptographic mechanisms.
# Edit /etc/ssh/sshd_config to make sure that:
- # the use of the ssh protocol version 1 is disabled and its hostkeys are not specified
- # the password and publickey authentication methods are set explicitly (the lines below turn password authentication off and keep publickey authentication on)
- # the list of block ciphers and mac algorithms that can be used is updated
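# You can accomplish this if you specify the following lines in your /etc/ssh/sshd_config:

Protocol 2
# HostKey /etc/ssh/ssh_host_key
PasswordAuthentication no
PubkeyAuthentication yes
Ciphers aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour
MACs hmac-ripemd160,hmac-sha1,hmac-sha1-96

# Note: these Ciphers and MACs lists reflect an older OpenSSH. CBC-mode ciphers, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour and the SHA-1/RIPEMD-160 MACs are now considered legacy, and newer OpenSSH releases no longer support several of them, so sshd may reject the line outright. Releases that have dropped SSH protocol 1 also treat the Protocol directive as deprecated.
# Before applying the lists, compare them with what your build supports (ssh -Q cipher, ssh -Q mac) and prefer its AEAD or CTR ciphers and SHA-2 based MACs. Validate the edited file with sshd -t before restarting the daemon, and keep an existing session open until a new login succeeds.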
# Paolo Falcioni kindly provided a ready-to-use copy of /etc/ssh/sshd_config which already contains this fine-tuning.