Manually Configuring SSH Ciphers

If you are installing or upgrading to TOS Classic R21-3 HF5 and earlier on TufinOS 3.100, we recommend that you manually configure the SSH ciphers.

Configure SSH Ciphers

  1. Edit the file /etc/ssh/sshd_config.

  2. Add or update the following fields:

    MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
    Ciphers [email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
    KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256
  3. Restart the sshd service:

    # systemctl restart sshd