SSH: How to disable weak ciphers?

If you have no explicit list of ciphers set in ssh_config using the Ciphers keyword, then the default value, according to man 5 ssh_config (client-side) and man 5 sshd_config (server-side), is:

            aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
            aes128-gcm@openssh.com,aes256-gcm@openssh.com,
            chacha20-poly1305@openssh.com,
            aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
            aes256-cbc,arcfour

Note the presence of the arcfour ciphers. So you may have to explicitly set a more restrictive value for Ciphers.

ssh -Q cipher from the client will tell you which schemes your client can support. Note that this list is not affected by the list of ciphers specified in ssh_config. Removing a cipher from ssh_config will not remove it from the output of ssh -Q cipher. Furthermore, using ssh with the -c option to explicitly specify a cipher will override the restricted list of ciphers that you set in ssh_config and possibly allow you to use a weak cipher. This is a feature that allows you to use your ssh client to communicate with obsolete SSH servers that do not support the newer stronger ciphers.

nmap --script ssh2-enum-algos -sV -p <port> <host> will tell you which schemes your server supports.


To disable RC4 and use secure ciphers on SSH server, hard-code the following in /etc/ssh/sshd_config

ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

OR if you prefer not to dictate ciphers but merely want to strip out insecure ciphers, run this on the command line instead (in sudo mode):

sshd -T | grep ciphers | sed -e "s/\(3des-cbc\|aes128-cbc\|aes192-cbc\|aes256-cbc\|arcfour\|arcfour128\|arcfour256\|blowfish-cbc\|cast128-cbc\|rijndael-cbc@lysator.liu.se\)\,\?//g" >> /etc/ssh/sshd_config

You can check ciphers currently used by your server with:

sudo sshd -T | grep ciphers | perl -pe 's/,/\n/g' | sort -u

Make sure your ssh client can use these ciphers; run

ssh -Q cipher | sort -u

to see the list.

You can also instruct your SSH client to negotiate only secure ciphers with remote servers. In /etc/ssh/ssh_config set:

Host *
    ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

Above snippets come from here
To test your server's settings you can use ssh-audit


The problem with explicitly specifying a cipher list is that you must manually add new ciphers as they come out. Instead, simply list the ciphers you want to remove, prepending the list (not each individual cipher) with a '-' character. So in this case, the Ciphers line should read:

Ciphers -arcfour*

Or if you prefer:

Ciphers -arcfour,arcfour128,arcfour256

From the sshd_config man page on the Ciphers option (since OpenSSH 7.5, released 2017-03-20):

If the specified value begins with a ‘+’ character, then the specified ciphers will be appended to the default set instead of replacing them. If the specified value begins with a ‘-’ character, then the specified ciphers (including wildcards) will be removed from the default set instead of replacing them.

This also applies to the KexAlgorithms and MACs options.
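
The following is an added example, not code from any of the answers above. It models the '-' form of Ciphers with shell globs against the default list quoted at the top of the page, then reports which of the remaining ciphers the sed command above would still strip. The function names and the WEAK_PATTERNS list are assumptions made for the example, shell globbing only approximates OpenSSH's own pattern matching, and the '+' form is not modelled.

```shell
#!/bin/sh
# Constructed input: the man-page default list quoted at the top of this page.
DEFAULT_CIPHERS='aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour'

# Assumption: "weak" means the families the sed command on this page strips.
WEAK_PATTERNS='arcfour*,*-cbc*'

# filter_list LIST PATTERNS yes|no
# Print the entries of LIST that match (yes) or do not match (no) any of the
# comma-separated glob PATTERNS. The subshell body keeps IFS and set -f local.
filter_list() (
    set -f                      # no filename expansion while splitting on commas
    IFS=,
    out=
    for c in $1; do
        hit=no
        for p in $2; do
            case $c in $p) hit=yes ;; esac   # unquoted $p acts as a glob
        done
        if [ "$hit" = "$3" ]; then out=${out:+$out,}$c; fi
    done
    printf '%s\n' "$out"
)

# effective_ciphers DEFAULT SPEC
# "-patterns" removes matches from DEFAULT; a plain list replaces DEFAULT.
effective_ciphers() {
    case $2 in
        -*) filter_list "$1" "${2#-}" no ;;
        *)  printf '%s\n' "$2" ;;
    esac
}

# weak_in LIST: the entries of LIST that match WEAK_PATTERNS.
weak_in() { filter_list "$1" "$WEAK_PATTERNS" yes; }

# Compare the spec from the answer above with one that also removes CBC modes.
for spec in '-arcfour*' '-arcfour*,*-cbc'; do
    eff=$(effective_ciphers "$DEFAULT_CIPHERS" "$spec")
    weak=$(weak_in "$eff")
    printf 'Ciphers %s\n  effective:  %s\n  still weak: %s\n' \
        "$spec" "$eff" "${weak:-none}"
done
```

Against this older default list, removing only arcfour* still leaves the CBC ciphers enabled. On a real host, confirm the result with sshd -T | grep ciphers, as shown earlier on the page.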
