PCI COMPLIANCE SSH Diffie-Hellman Modulus

Written by

When doing PCI COMPLIANCE scan got error related to SSH Diffie-Hellman Modulus <= 1024 Bits (Logjam). SSH Diffie-Hellman Modulus error

To fix the error, run

cp /etc/ssh/moduli /etc/ssh/moduli.backup
awk '$5 > 2000' /etc/ssh/moduli > /etc/ssh/moduli

Edit file

vi /etc/ssh/sshd_config

Add at end of the file

KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256

Restart sshd

systemctl restart sshd

linux

PCI COMPLIANCE SSH Diffie-Hellman Modulus

Comments

Leave a Reply Cancel reply

More posts

Route Specific Subnet Through OpenVPN

How to stop all services on a cpanel server

Upgrade MariaDB 10.3 to 10.5 on Ubuntu 20.04

How to hide a WordPress Plugin