To improve the SSH security on your Forge server by disabling weak HMAC algorithms, you need to modify the SSH daemon configuration. Here's how you can do it:
- SSH into your server using a terminal or an SSH client.
- Open the SSH daemon configuration file with a text editor. You can use nano or vim. For example:
  sudo nano /etc/ssh/sshd_config
- Look for the line that starts with MACs in the sshd_config file. If it doesn't exist, you can add it. You'll want to specify which MACs (message authentication codes) to enable, excluding the weak ones like MD5 and 96-bit MACs. For example:
  MACs hmac-sha2-512,hmac-sha2-256
  This line will configure the SSH server to only use the SHA-2 family of HMACs with 256 and 512-bit hashes, which are considered secure.
- After making the change, save the file and exit the text editor. If you're using nano, you can save by pressing CTRL + X, then Y to confirm, and Enter to write the changes.
- To apply the changes, restart the SSH service with the following command:
  sudo systemctl restart sshd
- It's a good practice to test your SSH connection in a new terminal window before closing the current session, to ensure that you can still connect with the new configuration.
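Added example, not part of the original instructions: a small shell audit that reads the MACs line sshd would take from a config file and flags entries matching the weak patterns named above (MD5, 96-bit). The function names and sample configs are constructed for illustration; the script relies on sshd's rule that the first occurrence of a keyword wins, so a hardened line appended below an older MACs line has no effect.

```shell
#!/bin/sh
# Added example: function names and sample files are illustrative assumptions.

# Print the MAC list sshd would take from this file. sshd_config(5): for each
# keyword the first value obtained is used, so stop at the first MACs line.
# Limitation: Include'd drop-in files are not followed.
configured_macs() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "macs" { print $2; exit }' "$1"
}

# Print configured MACs that match the weak patterns named above (MD5, 96-bit).
weak_macs() {
    configured_macs "$1" | tr ',' '\n' | grep -E -i 'md5|-96' || true
}

# Return 0 if the list is clean, 1 if it contains weak MACs, 2 if undecidable.
audit_macs() {
    list=$(configured_macs "$1")
    if [ -z "$list" ]; then
        echo "$1: no MACs line, built-in defaults apply"; return 2
    fi
    case $list in
        [+^-]*) echo "$1: list modifies the defaults ($list)"; return 2 ;;
    esac
    weak=$(weak_macs "$1")
    if [ -n "$weak" ]; then
        echo "$1: weak MACs in effect: $(echo $weak)"; return 1
    fi
    echo "$1: ok ($list)"
}

# Constructed sample configs, not taken from a real server.
tmp=$(mktemp -d)
# "before": a hardened line was appended, but the older line above it wins.
printf '%s\n' '# constructed sample' \
    'MACs hmac-md5,hmac-sha1-96,hmac-sha2-256' \
    'MACs hmac-sha2-512,hmac-sha2-256' > "$tmp/before"
# "after": the old line was edited in place, as the steps above describe.
printf '%s\n' '# constructed sample' \
    'MACs hmac-sha2-512,hmac-sha2-256' > "$tmp/after"

audit_macs "$tmp/before" || true
audit_macs "$tmp/after"
```

On the server itself, `sudo sshd -t` checks the edited file for syntax errors before the restart, and `sudo sshd -T | grep -i '^macs'` prints the effective list, including anything pulled in through an Include line.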
By following these steps, you will have improved the security of your SSH server by disabling weak HMAC algorithms. Remember to always keep your server updated and regularly review your security settings to protect against new vulnerabilities.