PCI COMPLIANCE SSH Diffie-Hellman Modulus

When doing PCI COMPLIANCE scan got error related to SSH Diffie-Hellman Modulus <= 1024 Bits (Logjam). SSH Diffie-Hellman Modulus error

To fix the error, run

cp /etc/ssh/moduli /etc/ssh/moduli.backup
awk '$5 > 2000' /etc/ssh/moduli > /etc/ssh/moduli

Edit file

vi /etc/ssh/sshd_config

Add at end of the file

KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256

Restart sshd

systemctl restart sshd
Need help with Linux Server or WordPress? We can help!
Contact Us

Leave a Reply

Your email address will not be published. Required fields are marked *