From 7c526313fd716ef6bd6c30546fcc74c46e04301f Mon Sep 17 00:00:00 2001
From: ChiefGyk
Date: Thu, 21 Jul 2016 12:15:58 -0400
Subject: [PATCH] per Yodax suggestion used built in python tool I was unaware existed.
---
 setup/system.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/setup/system.sh b/setup/system.sh
index 0e0960fc..4d9f929e 100755
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -220,9 +220,12 @@ APT::Periodic::Verbose "1";
 EOF
 # Harden SSH and disable weak ciphers
-grep -q -F "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 \
-MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160" /etc/ssh/sshd_config || echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 \
-MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160" >> /etc/ssh/ssh_config
+echo "disabling weak SSH ciphers"
+tools/editconf.py /etc/ssh/sshd_config -s \
+ Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 \
+ MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+
+restart_service ssh
 # ### Firewall
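Review bot: The list written under "disabling weak SSH ciphers" still enables `arcfour256` and `arcfour128` (RC4) and the MACs `hmac-sha1` and `umac-64@openssh.com`, so the setting does not match its stated purpose. Consider restricting it to the CTR ciphers, `Ciphers aes128-ctr,aes192-ctr,aes256-ctr`, and to SHA-2 MACs such as `MACs hmac-sha2-256,hmac-sha2-512` where the installed OpenSSH supports them. Because sshd refuses to start on a cipher or MAC name it does not recognise, the new `restart_service ssh` line should be guarded by a config check, e.g. `sshd -t && restart_service ssh`, so that a rejected list cannot cut off remote access to the box. A short comment above the `editconf.py` call explaining why each algorithm is kept would also help the next person who revises the list.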