I'm new to this but have been searching everywhere for a clear answer.
To pass PCI compliance the Arcfour cipher should be disabled.
I've tried to edit the ciphers in my sshd_conf and ssh_conf files to no avail.
As far as I can make out the default ciphers are
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
I've tried removing the arcfour instances from that line and also adding a '-' (minus) before them which didn't work either.
How does one disable arcfour ciphers?
We're running CentOS 6.8 in case that helps.
Best Answer
CentOS 5, 6 & 7 don't have a Ciphers line in the /etc/ssh/sshd_config file so you get the full default list of ciphers. So to exclude arcfour add the following lines to your sshd_config file:
Then restart sshd:
service sshd restart
As noted above you can test using
If the specified cipher is disabled you'll get a response like
otherwise you'll see the normal login process.
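
A way to audit the configuration file itself, added here as an example and not part of the original answer: the function `check_sshd_ciphers` and its return codes are hypothetical names chosen for this sketch. It distinguishes the case the answer describes (no Ciphers line, so the defaults apply) from an explicit list that still contains arcfour.

```shell
#!/bin/sh
# Added example. Return codes are this example's own convention:
#   0 explicit Ciphers list without arcfour   1 explicit list still has arcfour
#   2 no Ciphers line (built-in defaults)     3 value uses a +/- modifier prefix
check_sshd_ciphers() {
    conf="$1"
    # Keywords are case-insensitive, "#" starts a comment, and sshd keeps the
    # first value it reads for a keyword, so stop at the first Ciphers line.
    value=$(awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ || line == "" { next }
        { split(line, f, /[ \t=]+/) }
        tolower(f[1]) == "ciphers" { print f[2]; exit }
    ' "$conf")
    if [ -z "$value" ]; then
        echo "no Ciphers line: built-in default list applies"
        return 2
    fi
    # A leading "-" (remove from defaults) is only understood by OpenSSH 7.5
    # and later; flag modifier syntax instead of treating it as a plain list.
    case "$value" in
        [+-]*) echo "modifier syntax, needs a newer sshd: $value"; return 3 ;;
    esac
    found=""
    old_ifs=$IFS; IFS=,
    for c in $value; do
        case "$c" in arcfour*) found="$found $c" ;; esac
    done
    IFS=$old_ifs
    if [ -n "$found" ]; then
        echo "arcfour still enabled:$found"
        return 1
    fi
    echo "explicit list without arcfour: $value"
    return 0
}

# Constructed sample: the default list quoted in the question, as a config line.
sample=$(mktemp)
echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc" > "$sample"
check_sshd_ciphers "$sample" || true
rm -f "$sample"
```

The function inspects only the file it is given; the running daemon keeps its old cipher list until sshd is restarted.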