https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/169997#M59884 <P>THX <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>,</P> <P>I forgot the&nbsp;red area in the path/file:<BR />/etc/ssh/<STRONG><FONT color="#FF0000">templates</FONT></STRONG>/sshd_config<STRONG><FONT color="#FF0000">.templ</FONT></STRONG></P> <P>I have changed it above.</P> Wed, 01 Feb 2023 22:45:41 GMT HeikoAnkenbrand 2023-02-01T22:45:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/169938#M59880 <P>Hello,</P><P>&nbsp;&nbsp;</P><P>I would like to know that can I&nbsp;disable support for weak ciphers (Arcfour and Cipher Block Chaining (CBC) cipher suites) and want to implement&nbsp; support of strong ciphers (Counter (CTR)).&nbsp;</P><P>Can I know the steps.?</P> Wed, 01 Feb 2023 15:21:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/169938#M59880 May_Kyaw 2023-02-01T15:21:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/169959#M59881 <P>Starting from R80.40 you can change that by editing sshd_config content by changing the default SSH encryption method used. To change the default SSH encryption method used, do the following and edit the chiper in the&nbsp;/etc/ssh/templates/sshd_config.templ file.</P> <P>For example, to set the default encryption method:</P> <P><EM>Ciphers aes256-ctr,aes128-ctr,...</EM></P> <P>Restart the SSH server using the "<EM>service sshd restart"</EM> command.</P> <P>Version R81.10+ introduces these commands to change the configuration with Clish:</P> <UL> <LI>set ssh server cipher VALUE off</LI> <LI>set ssh server cipher VALUE on</LI> <LI>set ssh server mac VALUE off</LI> <LI>set ssh server mac VALUE on</LI> <LI>show ssh server cipher enabled</LI> <LI>show ssh server cipher supported</LI> <LI>show ssh server mac enabled</LI> <LI>show ssh server mac supported</LI> </UL> Wed, 01 Feb 2023 22:46:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/169959#M59881 HeikoAnkenbrand 2023-02-01T22:46:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/169961#M59882 <P>More see here:<BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk106031&amp;partition=Advanced&amp;product=Quantum" target="_self">sk106031 - How to change SSH encryption protocols and Message Authentication Code settings</A><BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk179517" target="_self">sk179517 - How to change mac/cipher/kex algorithms in R81.10+</A>&nbsp;</P> Wed, 01 Feb 2023 17:39:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/169961#M59882 HeikoAnkenbrand 2023-02-01T17:39:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/169963#M59883 <P>From R80.40 JHF 83 through R81, the correct approach is to edit /etc/ssh/templates/sshd_config.templ instead of /etc/ssh/sshd_config&nbsp;<BR /><BR /></P> Wed, 01 Feb 2023 17:50:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/169963#M59883 PhoneBoy 2023-02-01T17:50:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/169997#M59884 <P>THX <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>,</P> <P>I forgot the&nbsp;red area in the path/file:<BR />/etc/ssh/<STRONG><FONT color="#FF0000">templates</FONT></STRONG>/sshd_config<STRONG><FONT color="#FF0000">.templ</FONT></STRONG></P> <P>I have changed it above.</P> Wed, 01 Feb 2023 22:45:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/169997#M59884 HeikoAnkenbrand 2023-02-01T22:45:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/170014#M59885 <P>Thanks so much. I will try this.</P> Thu, 02 Feb 2023 02:14:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Disable-ssh-weak-ciphers-for-CheckPoint-Smart-1-410/m-p/170014#M59885 May_Kyaw 2023-02-02T02:14:04Z