per Yodax suggestion used built in python tool I was unaware existed.

2025-04-21 03:02:09 +00:00 · 2016-07-21 12:15:58 -04:00 · 2016-07-21 12:15:58 -04:00 · 7c526313fd
commit 7c526313fd
parent bf8e095b36
1 changed files with 6 additions and 3 deletions
--- a/setup/system.sh
+++ b/setup/system.sh
@ -220,9 +220,12 @@ APT::Periodic::Verbose "1";
 EOF

 # Harden SSH and disable weak ciphers
-grep -q -F "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 \
-MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160" /etc/ssh/sshd_config || echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 \
-MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160" >> /etc/ssh/ssh_config
+echo "disabling weak SSH ciphers"
+tools/editconf.py /etc/ssh/sshd_config -s \
+	Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 \
+	MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+	
+restart_service ssh

 # ### Firewall